

Fixed issue #9090: Valid IDNA e-mail address is considered incorrect
c-schmitz committed Jun 17, 2014
1 parent 571fc72 commit b0e862e
Showing 5 changed files with 41 additions and 19 deletions.
8 changes: 4 additions & 4 deletions application/controllers/admin/tokens.php
Expand Up @@ -683,7 +683,7 @@ function addnew($iSurveyId)
$aData = array(
'firstname' => Yii::app()->request->getPost('firstname'),
'lastname' => Yii::app()->request->getPost('lastname'),
'email' => sanitize_email(Yii::app()->request->getPost('email')),
'email' => Yii::app()->request->getPost('email'),
'emailstatus' => Yii::app()->request->getPost('emailstatus'),
'token' => $sanitizedtoken,
'language' => sanitize_languagecode(Yii::app()->request->getPost('language')),
Expand Down Expand Up @@ -784,7 +784,7 @@ function edit($iSurveyId, $iTokenId)

$aTokenData['firstname'] = Yii::app()->request->getPost('firstname');
$aTokenData['lastname'] = Yii::app()->request->getPost('lastname');
$aTokenData['email'] = sanitize_email(Yii::app()->request->getPost('email'));
$aTokenData['email'] = Yii::app()->request->getPost('email');
$aTokenData['emailstatus'] = Yii::app()->request->getPost('emailstatus');
$santitizedtoken = sanitize_token(Yii::app()->request->getPost('token'));
$aTokenData['token'] = $santitizedtoken;
Expand Down Expand Up @@ -919,7 +919,7 @@ function addDummies($iSurveyId, $subaction = '')

$aData = array('firstname' => Yii::app()->request->getPost('firstname'),
'lastname' => Yii::app()->request->getPost('lastname'),
'email' => sanitize_email(Yii::app()->request->getPost('email')),
'email' => Yii::app()->request->getPost('email'),
'emailstatus' => 'OK',
'token' => $santitizedtoken,
'language' => sanitize_languagecode(Yii::app()->request->getPost('language')),
Expand Down Expand Up @@ -1744,7 +1744,7 @@ public function importldap($iSurveyId)
if (isset($responseGroup[$j][$ldap_queries[$ldapq]['email_attr']]))
{
$myemail = ldap_readattr($responseGroup[$j][$ldap_queries[$ldapq]['email_attr']]);
$myemail = sanitize_email($myemail);
$myemail = $myemail;
++$xv;
}
elseif ($filterblankemail !== true)
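Review bot: `$myemail = $myemail;` in the importldap hunk is a no-op left behind when the sanitize_email() call was removed and should simply be deleted, leaving `$myemail = ldap_readattr($responseGroup[$j][$ldap_queries[$ldapq]['email_attr']]);`. In the addnew, edit and addDummies hunks the raw POST value now goes straight into the data array, which is acceptable only if every one of these write paths runs the model's new emailIDNA rule before saving; the LDAP import path in particular is worth confirming, since nothing left in that hunk validates `$myemail`. All four enclosing functions start and end outside their hunks.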
29 changes: 29 additions & 0 deletions application/core/LSYii_Validators.php
Expand Up @@ -166,4 +166,33 @@ public function multiLanguageFilter($value)
$aValue=array_map("sanitize_languagecode",$aValue);
return implode(" ",$aValue);
}

public function emailIDNA($value,$params){

if ($value='' && isset($params['allowEmpty']) && $params['allowEmpty'])
{
return $value;
}

if (isset($params['allowMultiple']) && $params['allowMultiple'])
{
$aEmailAdresses=explode(';',$value);
}
else
{
$aEmailAdresses=array($value);
}

foreach ($aEmailAdresses as $sEmailAddress)
{
if (!validateEmailAddress($value))
{
$this->addError($attribute, gT('Invalid email address.'));
return;
}

}
return $value;
}

}
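Review bot: `if ($value='' && isset($params['allowEmpty']) && $params['allowEmpty'])` uses a single `=`; since assignment binds looser than `&&`, this overwrites `$value` with the result of `'' && ...` (always false), the allowEmpty branch can never be taken, and every value is then validated as `false`. The foreach iterates `$aEmailAdresses` but calls `validateEmailAddress($value)` instead of `validateEmailAddress($sEmailAddress)`, so the allowMultiple split has no effect and a semicolon-separated list is always rejected. `$attribute` is never defined inside emailIDNA, so the addError call works on an undefined variable; if this is meant to run as a Yii inline validator the caller presumably passes the attribute name and params rather than the value, which is worth confirming before deciding how the name reaches this method. The rewrite below fixes the comparison and the per-address check and keeps the addError call shape; the enclosing class starts outside the hunk.
```php
public function emailIDNA($value, $params)
{
    // Strict comparison: the committed `$value=''` was an assignment.
    if ($value === '' && !empty($params['allowEmpty'])) {
        return $value;
    }

    $aEmailAdresses = !empty($params['allowMultiple']) ? explode(';', $value) : array($value);

    foreach ($aEmailAdresses as $sEmailAddress) {
        // Check each address, not the whole (possibly semicolon-joined) value.
        if (!validateEmailAddress($sEmailAddress)) {
            // NOTE(review): $attribute is not defined in this method in the committed
            // code; the attribute name has to be supplied by the caller.
            $this->addError($attribute, gT('Invalid email address.'));
            return;
        }
    }

    return $value;
}
```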
12 changes: 0 additions & 12 deletions application/helpers/sanitize_helper.php
Expand Up @@ -60,7 +60,6 @@
// functions specified in flags. flags can be bitwise
// combination of PARANOID, SQL, SYSTEM, HTML, INT, FLOAT, LDAP,
// UTF8
// sanitize_email($email) -- input any string, all non-email chars will be removed
// sanitize_user($string) -- total length check (and more ??)
// sanitize_userfullname($string) -- total length check (and more ??)
//
Expand All @@ -71,7 +70,6 @@
// in sanitize_sql_string() function, created rudimentary testing pages
// 20031221 gz - added nice_addslashes and changed sanitize_sql_string to use it
// 20070213 lemeur - marked sanitize_sql_string as obsolete, should use db_quote instead
// 20071025 c_schmitz - added sanitize_email
// 20071032 lemeur - added sanitize_user and sanitize_userfullname
//
/////////////////////////////////////////
Expand Down Expand Up @@ -172,16 +170,6 @@ function sanitize_cquestions($string, $min='', $max='')
}
}

function sanitize_email($email) {
// Handles now emails separated with a semikolon
$emailarray=explode(';',$email);
for ($i = 0; $i <= count($emailarray)-1; $i++)
{
$emailarray[$i]=preg_replace("/[^`'a-zA-Z0-9;+_=|.$%&#!{*~?}^@-]/i", "", $emailarray[$i]);
}
return implode(';',$emailarray);
}

// sanitize a string in prep for passing a single argument to system() (or similar)
function sanitize_system_string($string, $min='', $max='')
{
9 changes: 7 additions & 2 deletions application/models/Token.php
Expand Up @@ -128,10 +128,15 @@ public function relations()

public function rules()
{

return array(
array('token', 'unique', 'allowEmpty' => true),
array(implode(',', $this->tableSchema->columnNames), 'safe')
array(implode(',', $this->tableSchema->columnNames), 'safe'),
array('remindercount','numerical', 'integerOnly'=>true,'allowEmpty'=>true),
array('email','filter','filter'=>'trim'),
array('email','emailIDNA', 'allowEmpty'=>true, 'allowMultiple'=>true),
array('usesleft','numerical', 'integerOnly'=>true,'allowEmpty'=>true),
array('mpid','numerical', 'integerOnly'=>true,'allowEmpty'=>true),
array('blacklisted', 'in','range'=>array('Y','N'), 'allowEmpty'=>true),
);
}

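Review bot: The new rule `array('email','emailIDNA', 'allowEmpty'=>true, 'allowMultiple'=>true)` names a validator that this commit defines as a method on LSYii_Validators rather than on the Token model, and the same rule is added in TokenDynamic.php; how the framework maps the string 'emailIDNA' to that method is not visible here, so it is worth confirming the rule actually executes instead of being resolved as a class name and failing, or being skipped. In TokenDynamic.php this replaces the previous built-in 'email' rule, so until emailIDNA is confirmed to run, addresses on that path are effectively unvalidated. The six rules added to Token::rules() duplicate line for line the ones already in TokenDynamic::rules(); a shared rule set would keep the two models from drifting. Token::rules() is fully visible here, while TokenDynamic::rules() starts outside its hunk.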
2 changes: 1 addition & 1 deletion application/models/TokenDynamic.php
Expand Up @@ -87,7 +87,7 @@ public function rules()
return array(
array('remindercount','numerical', 'integerOnly'=>true,'allowEmpty'=>true),
array('email','filter','filter'=>'trim'),
array('email','email', 'allowEmpty'=>true),
array('email','emailIDNA', 'allowEmpty'=>true, 'allowMultiple'=>true),
array('usesleft','numerical', 'integerOnly'=>true,'allowEmpty'=>true),
array('mpid','numerical', 'integerOnly'=>true,'allowEmpty'=>true),
array('blacklisted', 'in','range'=>array('Y','N'), 'allowEmpty'=>true),

