[User Accounts] Email encoding issue (Redmine10193) #2018
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
stellarxo
commented
Jul 22, 2016
stellarxo
commented
added 2 commits
July 22, 2016 09:18
stellarxo
added
the
Bug
Current coverage is 100% (diff: 100%)
@@ 16.1-dev #2018 diff @@
=======================================
Files 117 22 -95
Lines 19843 1281 -18562
Methods 1104 0 -1104
Messages 0 0
Branches 0 0
=======================================
- Hits 2797 1281 -1516
+ Misses 17046 0 -17046
Partials 0 0
|
| @@ -922,6 +922,9 @@ class NDB_Form_User_Accounts extends NDB_Form | |||
| */ | |||
| private function _getEmailError($DB, $email) | |||
| { | |||
| // remove illegal characters | |||
| $email = filter_var($email, FILTER_SANITIZE_EMAIL); | |||
There was a problem hiding this comment.
FILTER_SANITIZE_EMAIL removes illegal characters but does not fix encoding issues as described in the redmine ticket
There was a problem hiding this comment.
The email stays the same and it solves this issue. Are there any reasons why this shouldn't be used?
There was a problem hiding this comment.
@driusan I hate to say I was right but... I was right.
This addition breaks email addresses that contain HTML special chars such as test@gmail.com>
There was a problem hiding this comment.
It looks like at some point there might have been a bad merge, because here there is no if statement but in #8137 there is (resulting in filter_var being called twice)
nirtiac
added
PassedCodeReview
Passed Manual Tests
ridz1208
added a commit
to ridz1208/Loris
that referenced
this pull request
Jul 12, 2022
…email falsifies validity
driusan
pushed a commit
that referenced
this pull request
Jul 14, 2022
…l falsifies validity (#8137) When an email address is entered with invalid characters, the invalid characters are currently stripped before the address is validated, causing the validation to improperly pass when it should fail for email addresses such as "test@gmail.com>". The sanitation pass turns that into "test@gmail.com" before it's validated, which returns "true" despite the address entered being invalid. This also removes an old check for < > and " because the new check offers a clearer error message and covers a broader range of characters we don't want in emails (because of escaping issues).
cmadjar
pushed a commit
to cmadjar/Loris
that referenced
this pull request
Aug 10, 2022
…email falsifies validity (aces#8137) When an email address is entered with invalid characters, the invalid characters are currently stripped before the address is validated, causing the validation to improperly pass when it should fail for email addresses such as "test@gmail.com>". The sanitation pass turns that into "test@gmail.com" before it's validated, which returns "true" despite the address entered being invalid. This also removes an old check for < > and " because the new check offers a clearer error message and covers a broader range of characters we don't want in emails (because of escaping issues).
cmadjar
pushed a commit
to cmadjar/Loris
that referenced
this pull request
Sep 20, 2022
…email falsifies validity (aces#8137) When an email address is entered with invalid characters, the invalid characters are currently stripped before the address is validated, causing the validation to improperly pass when it should fail for email addresses such as "test@gmail.com>". The sanitation pass turns that into "test@gmail.com" before it's validated, which returns "true" despite the address entered being invalid. This also removes an old check for < > and " because the new check offers a clearer error message and covers a broader range of characters we don't want in emails (because of escaping issues).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.