
Commit 61211e9

committed
Fixed: FS#2109 - Email address validation via API method(s) is inadequate (and results in false-negatives)
1 parent b0eb45d commit 61211e9


2 files changed

+46
-2
lines changed


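--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -452,16 +452,37 @@ function validateField($field_name, $field_value, $validators) {
 }
 break;
 case 'ISEMAIL':
-if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
+if(function_exists('filter_var')) {
+if(!filter_var($field_value, FILTER_VALIDATE_EMAIL)) {
+$errmsg = $validator['errmsg'];
+if(isset($this->wordbook[$errmsg])) {
+$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+} else {
+$this->errorMessage .= $errmsg."<br />\r\n";
+}
+}
+} else {
+if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
 $errmsg = $validator['errmsg'];
 if(isset($this->wordbook[$errmsg])) {
 $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
 } else {
 $this->errorMessage .= $errmsg."<br />\r\n";
 }
 }
+}
 break;
 case 'ISINT':
+if(function_exists('filter_var')) {
+if(!filter_var($field_value, FILTER_VALIDATE_INT)) {
+$errmsg = $validator['errmsg'];
+if(isset($this->wordbook[$errmsg])) {
+$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+} else {
+$this->errorMessage .= $errmsg."<br />\r\n";
+}
+}
+} else {
 $tmpval = intval($field_value);
 if($tmpval === 0 and !empty($field_value)) {
 $errmsg = $validator['errmsg'];
@@ -471,6 +492,7 @@ function validateField($field_name, $field_value, $validators) {
 $this->errorMessage .= $errmsg."<br />\r\n";
 }
 }
+}
 break;
 case 'ISPOSITIVE':
 if(!is_numeric($field_value) || $field_value <= 0){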
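Review bot: In the new ISINT branch, `if(!filter_var($field_value, FILTER_VALIDATE_INT))` treats a valid `0` as a failure, because filter_var returns the integer 0 for that input and `!0` is true. It also rejects an empty value, which the fallback branch lets through via `!empty($field_value)`, so the two branches no longer agree. Compare against false explicitly and keep the empty pass-through: `if(!empty($field_value) && filter_var($field_value, FILTER_VALIDATE_INT) === false) {`. The same condition is added in interface/lib/classes/tform.inc.php and needs the same change. validateField begins and ends outside these hunks, so which ISINT fields may legitimately carry 0 or an empty value should be confirmed against the form definitions.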

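--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -769,16 +769,37 @@ function validateField($field_name, $field_value, $validators) {
 }
 break;
 case 'ISEMAIL':
-if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
+if(function_exists('filter_var')) {
+if(!filter_var($field_value, FILTER_VALIDATE_EMAIL)) {
+$errmsg = $validator['errmsg'];
+if(isset($this->wordbook[$errmsg])) {
+$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+} else {
+$this->errorMessage .= $errmsg."<br />\r\n";
+}
+}
+} else {
+if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
 $errmsg = $validator['errmsg'];
 if(isset($this->wordbook[$errmsg])) {
 $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
 } else {
 $this->errorMessage .= $errmsg."<br />\r\n";
 }
 }
+}
 break;
 case 'ISINT':
+if(function_exists('filter_var')) {
+if(!filter_var($field_value, FILTER_VALIDATE_INT)) {
+$errmsg = $validator['errmsg'];
+if(isset($this->wordbook[$errmsg])) {
+$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+} else {
+$this->errorMessage .= $errmsg."<br />\r\n";
+}
+}
+} else {
 $tmpval = intval($field_value);
 if($tmpval === 0 and !empty($field_value)) {
 $errmsg = $validator['errmsg'];
@@ -788,6 +809,7 @@ function validateField($field_name, $field_value, $validators) {
 $this->errorMessage .= $errmsg."<br />\r\n";
 }
 }
+}
 break;
 case 'ISPOSITIVE':
 if(!is_numeric($field_value) || $field_value <= 0){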
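Review bot: Switching the ISEMAIL case to `FILTER_VALIDATE_EMAIL` widens the accepted local part to characters the old regex rejected, such as a single quote, pipe or dollar sign. Any consumer that places the validated address into a shell command, SQL string, mail-server configuration or HTML must therefore escape it for that context and not treat this validator as sanitisation; whether such consumers exist is not visible from this section. Because the `function_exists('filter_var')` fallback keeps the old regex, the same address can pass on one installation and fail on another. A comment above the branch would record this, for example `// filter_var accepts RFC local parts that the regex fallback rejects; escape the value wherever it is used`. The same applies to the ISEMAIL case in interface/lib/classes/remoting_lib.inc.php; validateField begins and ends outside the hunks shown.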
