Eliminate false positives #38
The regex matched a lot of false positives since the word boundary is not set correctly and the dot is not escaped. For example this one
`/\bnus.edu.sg/`
does not only match evil@nus.edu.sg but also
good@nus.edu.sg.com
nus-edu@sg.com
nus@edu.sgood.com
nusmedursg@good.net
I rearranged the code and eliminated the regex in favor of a simple comparison.
Maybe a fix of the regex in the first place would be a better tradeoff?
I'm only a hobbyist and chances are high that there might be other aspects that I simply don't know about. But my motivation for replacing the regex completely is that I understand the purpose of a regex is to search for a pattern in a text, while the task here is to match a string against a list. If you think of fixing the regex, I think you would have to put it like that
Here is what a friend of mine proposed (credits https://github.com/julienbreux):
What do you think, @R-J?
I do not understand the purpose of the second condition
So in both cases of 2. the count() part would be superfluous. Only if there is such a problem with filter_var, this check might be useful. Please excuse me: I tend to talk too much :-) And if it is really not needed, I would put the explode() after the filter function since that call would be unneeded if the filter function already eliminates a malformed mail address. You only have to explode $email if you compare the last part with the list. So now that I read that
Otherwise it might be possible to trick this function with
Since the $mail variable is only needed once in the code above you can consider using directly
Thinking about it some time longer I think it is a good habit to keep small libraries as fast as they can be, if they still are readable. Since we are talking about less than half a dozen lines of code I really would drop the $mail variable.
👍 @R-J could you update your PR with
And I will merge it then :)
@R-J merged! :)
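The difference discussed in this thread, as an added example that is not part of the pull request or the project's code: the unanchored pattern from the description, a validate-then-compare check built from the `filter_var()` and `explode()` calls the comments mention, and one possible anchored regex. The function names, the one-entry list, the lower-casing step and the anchored pattern are assumptions made for this illustration.

```php
<?php
// Added illustration; not code from this pull request or the project.
// $blocked is a constructed one-entry list using the domain quoted in the thread.
$blocked = ['nus.edu.sg'];

// Pattern built as the description shows it: "." is a wildcard, \b sits only
// on the left, and nothing ties the match to the end of the address.
function matchesByRegex(string $email, array $blocked): bool
{
    foreach ($blocked as $domain) {
        if (preg_match('/\b' . $domain . '/', $email) === 1) {
            return true;
        }
    }
    return false;
}

// Comparison approach: reject malformed input first, then compare the whole
// part after the last "@" with the list (lower-casing is an assumption here).
function matchesByComparison(string $email, array $blocked): bool
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $parts = explode('@', $email);
    $domain = strtolower(end($parts));
    return in_array($domain, $blocked, true);
}

// One possible regex repair (hypothetical, not the one proposed in the
// thread): escape metacharacters, anchor on "@" and on the end of the string.
function matchesByAnchoredRegex(string $email, array $blocked): bool
{
    foreach ($blocked as $domain) {
        $pattern = '/@' . preg_quote($domain, '/') . '$/iD';
        if (preg_match($pattern, $email) === 1) {
            return true;
        }
    }
    return false;
}

// Addresses quoted in the pull request description.
$samples = ['evil@nus.edu.sg', 'good@nus.edu.sg.com', 'nus-edu@sg.com',
            'nus@edu.sgood.com', 'nusmedursg@good.net'];
foreach ($samples as $e) {
    printf("%-20s regex=%d compare=%d anchored=%d\n", $e, matchesByRegex($e, $blocked),
        matchesByComparison($e, $blocked), matchesByAnchoredRegex($e, $blocked));
}
```

The `D` modifier keeps `$` from matching before a trailing newline, which matters only for the regex variant because `filter_var()` already rejects such input in the comparison variant.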