Skip to content

Commit

Permalink
Merge pull request zendframework#4793 from Maks3w/hotfix/mail-validator
Browse files Browse the repository at this point in the history
[validator] Validate quoted local part of email addresses
  • Loading branch information
weierophinney committed Jul 19, 2013
2 parents d2d1bda + f03b0e2 commit 691581d
Show file tree
Hide file tree
Showing 2 changed files with 41 additions and 9 deletions.
15 changes: 6 additions & 9 deletions library/Zend/Validator/EmailAddress.php
Original file line number Diff line number Diff line change
Expand Up @@ -337,15 +337,12 @@ protected function validateLocalPart()
if (preg_match('/^[' . $atext . ']+(\x2e+[' . $atext . ']+)*$/', $this->localPart)) {
$result = true;
} else {
// Try quoted string format

// Quoted-string characters are: DQUOTE *([FWS] qtext/quoted-pair) [FWS] DQUOTE
// qtext: Non white space controls, and the rest of the US-ASCII characters not
// including "\" or the quote character
$noWsCtl = '\x01-\x08\x0b\x0c\x0e-\x1f\x7f';
$qtext = $noWsCtl . '\x21\x23-\x5b\x5d-\x7e';
$ws = '\x20\x09';
if (preg_match('/^\x22([' . $ws . $qtext . '])*[$ws]?\x22$/', $this->localPart)) {
// Try quoted string format (RFC 5321 Chapter 4.1.2)

// Quoted-string characters are: DQUOTE *(qtext/quoted-pair) DQUOTE
$qtext = '\x20-\x21\x23-\x5b\x5d-\x7e'; // %d32-33 / %d35-91 / %d93-126
$quotedPair = '\x20-\x7e'; // %d92 %d32-126
if (preg_match('/^"(['. $qtext .']|\x5c[' . $quotedPair . '])*"$/', $this->localPart)) {
$result = true;
} else {
$this->error(self::DOT_ATOM);
Expand Down
35 changes: 35 additions & 0 deletions tests/ZendTest/Validator/EmailAddressTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -157,6 +157,19 @@ public function testHostnameInvalid()
public function testQuotedString()
{
$emailAddresses = array(
'""@domain.com', // Optional
'" "@domain.com', // x20
'"!"@domain.com', // x21
'"\""@domain.com', // \" (escaped x22)
'"#"@domain.com', // x23
'"$"@domain.com', // x24
'"Z"@domain.com', // x5A
'"["@domain.com', // x5B
'"\\\"@domain.com', // \\ (escaped x5C)
'"]"@domain.com', // x5D
'"^"@domain.com', // x5E
'"}"@domain.com', // x7D
'"~"@domain.com', // x7E
'"username"@example.com',
'"bob%jones"@domain.com',
'"bob jones"@domain.com',
Expand All @@ -170,6 +183,28 @@ public function testQuotedString()
}
}

/**
* Ensures that quoted-string local part is considered invalid
*
* @return void
*/
public function testInvalidQuotedString()
{
$emailAddresses = array(
"\"\x00\"@example.com",
"\"\x01\"@example.com",
"\"\x1E\"@example.com",
"\"\x1F\"@example.com",
'"""@example.com', // x22 (not escaped)
'"\"@example.com', // x5C (not escaped)
"\"\x7F\"@example.com",
);
foreach ($emailAddresses as $input) {
$this->assertFalse($this->validator->isValid($input), "$input failed to pass validation:\n"
. implode("\n", $this->validator->getMessages()));
}
}

/**
* Ensures that validation fails when the e-mail is given as for display,
* with angle brackets around the actual address
Expand Down

0 comments on commit 691581d

Please sign in to comment.