use Bugzilla::Util;
use Bugzilla::Group;
+use Email::Address;
+
use base qw(Bugzilla::Object);
###############################
|| ThrowUserError('flag_type_cc_list_invalid', { cc_list => $cc_list });
my @addresses = split(/[,\s]+/, $cc_list);
- # We do not call Util::validate_email_syntax because these
- # addresses do not require to match 'emailregexp' and do not
- # depend on 'emailsuffix'. So we limit ourselves to a simple
- # sanity check:
- # - match the syntax of a fully qualified email address;
- # - do not contain any illegal character.
+ my $addr_spec = $Email::Address::addr_spec;
+ # We do not call check_email_syntax() because these addresses do not
+ # require to match 'emailregexp' and do not depend on 'emailsuffix'.
foreach my $address (@addresses) {
- ($address =~ /^[\w\.\+\-=]+@[\w\.\-]+\.[\w\-]+$/
- && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/)
+ ($address !~ /\P{ASCII}/ && $address =~ /^$addr_spec$/)
|| ThrowUserError('illegal_email_address',
{addr => $address, default => 1});
}
my ($invocant, $name) = @_;
$name = trim($name);
$name || ThrowUserError('user_login_required');
- validate_email_syntax($name)
- || ThrowUserError('illegal_email_address', { addr => $name });
+ check_email_syntax($name);
# Check the name if it's a new user, or if we're changing the name.
if (!ref($invocant) || $invocant->login ne $name) {
format_time validate_date validate_time datetime_from
file_mod_time is_7bit_clean
bz_crypt generate_random_password
- validate_email_syntax clean_text
+ validate_email_syntax check_email_syntax clean_text
get_text template_var disable_utf8
detect_encoding);
sub validate_email_syntax {
my ($addr) = @_;
my $match = Bugzilla->params->{'emailregexp'};
- my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/);
+ my $email = $addr . Bugzilla->params->{'emailsuffix'};
+ # This regexp follows RFC 2822 section 3.4.1.
+ my $addr_spec = $Email::Address::addr_spec;
+ # RFC 2822 section 2.1 specifies that email addresses must
+ # be made of US-ASCII characters only.
+ # Email::Address::addr_spec doesn't enforce this.
+ my $ret = ($addr =~ /$match/ && $email !~ /\P{ASCII}/ && $email =~ /^$addr_spec$/);
if ($ret) {
# We assume these checks to suffice to consider the address untainted.
trick_taint($_[0]);
return $ret ? 1 : 0;
}
+sub check_email_syntax {
+ my ($addr) = @_;
+
+ unless (validate_email_syntax(@_)) {
+ my $email = $addr . Bugzilla->params->{'emailsuffix'};
+ ThrowUserError('illegal_email_address', { addr => $email });
+ }
+}
+
sub validate_date {
my ($date) = @_;
my $date2;
# Validation Functions
validate_email_syntax($email);
+ check_email_syntax($email);
validate_date($date);
# DB-related functions
the check is successful, else returns 0.
Untaints C<$email> if successful.
+=item C<check_email_syntax($email)>
+
+Do a syntax checking for a legal email address and throws an error
+if the check fails.
+Untaints C<$email> if successful.
+
=item C<validate_date($date)>
Make sure the date has the correct format and returns 1 if
<para>
Defines the regular expression used to validate email addresses
used for login names. The default attempts to match fully
- qualified email addresses (i.e. 'user@example.com'). Some
- Bugzilla installations allow only local user names (i.e 'user'
- instead of 'user@example.com'). In that case, the
- <command>emailsuffix</command> parameter should be used to define
- the email domain.
+ qualified email addresses (i.e. 'user@example.com') in a slightly
+ more restrictive way than what is allowed in RFC 2822.
+ Some Bugzilla installations allow only local user names (i.e 'user'
+ instead of 'user@example.com'). In that case, this parameter
+ should be used to define the email domain.
</para>
</listitem>
</varlistentry>
use lib 't';
use Support::Files;
-use Test::More tests => 15;
+use Test::More tests => 17;
BEGIN {
use_ok(Bugzilla);
"email_filter('$input')");
}
+# validate_email_syntax. We need to override some parameters.
+my $params = Bugzilla->params;
+$params->{emailregexp} = '.*';
+$params->{emailsuffix} = '';
+my $ascii_email = 'admin@company.com';
+# U+0430 returns the Cyrillic "а", which looks similar to the ASCII "a".
+my $utf8_email = "\N{U+0430}dmin\@company.com";
+ok(validate_email_syntax($ascii_email), 'correctly formatted ASCII-only email address is valid');
+ok(!validate_email_syntax($utf8_email), 'correctly formatted email address with non-ASCII characters is rejected');
+
# diff_arrays():
my @old_array = qw(alpha beta alpha gamma gamma beta alpha delta epsilon gamma);
my @new_array = qw(alpha alpha beta gamma epsilon delta beta delta);
"front page will require a login. No anonymous users will " _
"be permitted.",
- emailregexp => "This defines the regexp to use for legal email addresses. The " _
- "default tries to match fully qualified email addresses. Another " _
- "popular value to put here is <tt>^[^@]+$</tt>, which means " _
- "'local usernames, no @ allowed.'",
+ emailregexp =>
+ "This defines the regular expression to use for legal email addresses. " _
+ "The default tries to match fully qualified email addresses. " _
+ "Use <tt>.*</tt> to accept any email address following the " _
+ "<a href='http://tools.ietf.org/html/rfc2822#section-3.4.1'>RFC 2822</a> " _
+ "specification. Another popular value to put here is <tt>^[^@]+$</tt>, " _
+ "which means 'local usernames, no @ allowed.'",
emailregexpdesc => "This describes in English words what kinds of legal addresses " _
"are allowed by the <tt>emailregexp</tt> param.",
[% ELSE %]
[%+ Param('emailregexpdesc') FILTER html_light %]
[% END %]
- It must also not contain any of these special characters:
- <tt>\ ( ) & < > , ; : " [ ]</tt>, or any whitespace.
+ It also must not contain any illegal characters.
[% ELSIF error == "authres_unhandled" %]
The result value of [% value FILTER html %] was not handled by
[% ELSE %]
[%+ Param('emailregexpdesc') FILTER html_light %]
[% END %]
- It must also not contain any of these special characters:
- <tt>\ ( ) & < > , ; : " [ ]</tt>, or any whitespace.
-
+ It also must not contain any illegal characters.
+
[% ELSIF error == "illegal_frequency" %]
[% title = "Too Frequent" %]
Unless you are an administrator, you may not create series which are
my $login_name = $cgi->param('loginname')
or ThrowUserError("login_needed_for_password_change");
- validate_email_syntax($login_name)
- || ThrowUserError('illegal_email_address', {addr => $login_name});
-
+ check_email_syntax($login_name);
my $user = Bugzilla::User->check($login_name);
# Make sure the user account is active.
}
# Before changing an email address, confirm one does not exist.
- validate_email_syntax($new_login_name)
- || ThrowUserError('illegal_email_address', {addr => $new_login_name});
+ check_email_syntax($new_login_name);
is_available_username($new_login_name)
|| ThrowUserError("account_exists", {email => $new_login_name});
projects / thirdparty / bugzilla.git / commitdiff
