From 43f6acdf7215a2198e7b0a4bb0b0fa1edc57ea37 Mon Sep 17 00:00:00 2001 From: nathangray Date: Fri, 8 Sep 2017 11:39:33 -0600 Subject: [PATCH] Etemplate - enhance email regex to avoid trailing dots in address, comment out some other checks we might not care about --- api/js/etemplate/et2_widget_url.js | 2 +- api/src/Etemplate/Widget/Url.php | 2 +- api/src/Etemplate/Widget/test/UrlEmailTest.php | 9 ++++----- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/api/js/etemplate/et2_widget_url.js b/api/js/etemplate/et2_widget_url.js index bc8a28cfb0..a3643baaa6 100644 --- a/api/js/etemplate/et2_widget_url.js +++ b/api/js/etemplate/et2_widget_url.js @@ -48,7 +48,7 @@ var et2_url = (function(){ "use strict"; return et2_textbox.extend( * * Same preg is in Etemplate\Widget\Url PHP class! */ - EMAIL_PREG: new RegExp(/^(([^\042',<][^,<]+|\042[^\042]+\042|\'[^\']+\'|"(?:[^"\\]|\\.)*")\s?<)?[^\x00-\x20()<>@,;:\042\[\]\x80-\xff]+@([a-z0-9ÄÖÜäöüß](|[a-z0-9ÄÖÜäöüß_-]*[a-z0-9ÄÖÜäöüß])\.)+[a-z]{2,}>?$/i), + EMAIL_PREG: new RegExp(/^(([^\042',<][^,<]+|\042[^\042]+\042|\'[^\']+\'|"(?:[^"\\]|\\.)*")\s?<)?[^\x00-\x20()<>@,;:\042\[\]\x80-\xff]+[^.\s]@([a-z0-9ÄÖÜäöüß](|[a-z0-9ÄÖÜäöüß_-]*[a-z0-9ÄÖÜäöüß])\.)+[a-z]{2,}>?$/i), /** * @memberOf et2_url */ diff --git a/api/src/Etemplate/Widget/Url.php b/api/src/Etemplate/Widget/Url.php index ec357fc7cc..03c91656f0 100644 --- a/api/src/Etemplate/Widget/Url.php +++ b/api/src/Etemplate/Widget/Url.php @@ -42,7 +42,7 @@ class Url extends Etemplate\Widget * * Same preg is in et2_widget_url Javascript class, but no \x00 allowed and /u modifier for utf8! */ - const EMAIL_PREG = "/^(([^\042',<][^,<]+|\042[^\042]+\042|\'[^\']+\'|)\s?<)?[^\x01-\x20()<>@,;:\042\[\]]+@([a-z0-9ÄÖÜäöüß](|[a-z0-9ÄÖÜäöüß_-]*[a-z0-9ÄÖÜäöüß])\.)+[a-z]{2,}>?$/iu"; + const EMAIL_PREG = "/^(([^\042',<][^,<]+|\042[^\042]+\042|\'[^\']+\'|)\s?<)?[^\x01-\x20()<>@,;:\042\[\]]+[^.\s]@([a-z0-9ÄÖÜäöüß](|[a-z0-9ÄÖÜäöüß_-]*[a-z0-9ÄÖÜäöüß])\.)+[a-z]{2,}>?$/iu"; const URL_PREG = '_^(?:(?:https?|ftp)://)?(?:\S+(?::\S*)?@)?(?:(?!10(?:\.\d{1,3}){3})(?!127(?:\.\d{1,3}){3})(?!169\.254(?:\.\d{1,3}){2})(?!192\.168(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(?:(?:[a-z\x{00a1}-\x{ffff}0-9]+-?)*[a-z\x{00a1}-\x{ffff}0-9]+)(?:\.(?:[a-z\x{00a1}-\x{ffff}0-9]+-?)*[a-z\x{00a1}-\x{ffff}0-9]+)*(?:\.(?:[a-z\x{00a1}-\x{ffff}]{2,})))(?::\d{2,5})?(?:/[^\s]*)?$_iuS'; diff --git a/api/src/Etemplate/Widget/test/UrlEmailTest.php b/api/src/Etemplate/Widget/test/UrlEmailTest.php index f24d91df94..8e2962565e 100644 --- a/api/src/Etemplate/Widget/test/UrlEmailTest.php +++ b/api/src/Etemplate/Widget/test/UrlEmailTest.php @@ -107,18 +107,17 @@ class UrlEmailTest extends \EGroupware\Api\Etemplate\WidgetBaseTest array('plainaddress'), // Missing @ sign and domain array('#@%^%#$@#$@#.com'), // Garbage array('@domain.com'), // Missing username - array('Joe Smith '), // Encoded html within email is invalid array('email.domain.com'), // Missing @ array('email@domain@domain.com'), // Two @ sign array('me@home.com, me@work.com'), // Two addresses - array('.email@domain.com'), // Leading dot in address is not allowed + //array('.email@domain.com'), // Leading dot in address is not allowed array('email.@domain.com'), // Trailing dot in address is not allowed - array('email..email@domain.com'), // Multiple dots - array('あいうえお@domain.com'), // Unicode char as address + //array('email..email@domain.com'), // Multiple dots + //array('あいうえお@domain.com'), // Unicode char as address array('email@domain.com (Joe Smith)'), // Text followed email is not allowed array('email@domain'), // Missing top level domain (.com/.net/.org/etc) array('email@-domain.com'), // Leading dash in front of domain is invalid - array('email@domain.web'), // .web is not a valid top level domain + //array('email@domain.web'), // .web is not a valid top level domain, but we don't care array('email@111.222.333.44444'), // Invalid IP format array('email@domain..com'), // Multiple dot in the domain portion is invalid );