From 5668f9b04a1e3894c5af71becdd2131033f6f7ca Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Mon, 5 Feb 2018 15:30:56 +0100 Subject: [PATCH] one letter name-part in email address failed validation, eg. "x@egroupware.org" --- api/js/etemplate/et2_widget_url.js | 2 +- api/src/Etemplate/Widget/Url.php | 2 +- api/tests/Etemplate/Widget/UrlEmailTest.php | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/api/js/etemplate/et2_widget_url.js b/api/js/etemplate/et2_widget_url.js index 42b781c352..f684b30555 100644 --- a/api/js/etemplate/et2_widget_url.js +++ b/api/js/etemplate/et2_widget_url.js @@ -48,7 +48,7 @@ var et2_url = (function(){ "use strict"; return et2_textbox.extend( * * Same preg is in Etemplate\Widget\Url PHP class! */ - EMAIL_PREG: new RegExp(/^(([^\042',<][^,<]+|\042[^\042]+\042|\'[^\']+\'|"(?:[^"\\]|\\.)*")\s?<)?[^\x00-\x20()<>@,;:\042\[\]\x80-\xff]+[^.\s]@([a-z0-9ÄÖÜäöüß](|[a-z0-9ÄÖÜäöüß_-]*[a-z0-9ÄÖÜäöüß])\.)+[a-z]{2,}>?$/i), + EMAIL_PREG: new RegExp(/^(([^\042',<][^,<]+|\042[^\042]+\042|\'[^\']+\'|"(?:[^"\\]|\\.)*")\s?<)?[^\x00-\x20()<>@,;:\042\[\]\x80-\xff]+[^.\s]?@([a-z0-9ÄÖÜäöüß](|[a-z0-9ÄÖÜäöüß_-]*[a-z0-9ÄÖÜäöüß])\.)+[a-z]{2,}>?$/i), /** * @memberOf et2_url */ diff --git a/api/src/Etemplate/Widget/Url.php b/api/src/Etemplate/Widget/Url.php index 2000020a03..facdfa3fcd 100644 --- a/api/src/Etemplate/Widget/Url.php +++ b/api/src/Etemplate/Widget/Url.php @@ -42,7 +42,7 @@ class Url extends Etemplate\Widget * * Same preg is in et2_widget_url Javascript class, but no \x00 allowed and /u modifier for utf8! */ - const EMAIL_PREG = "/^(([^\042',<][^,<]+|\042[^\042]+\042|\'[^\']+\'|)\s?<)?[^\x01-\x20()<>@,;:\042\[\]]+[^.\s]@([a-z0-9ÄÖÜäöüß](|[a-z0-9ÄÖÜäöüß_-]*[a-z0-9ÄÖÜäöüß])\.)+[a-z]{2,}>?$/iu"; + const EMAIL_PREG = "/^(([^\042',<][^,<]+|\042[^\042]+\042|\'[^\']+\'|)\s?<)?[^\x01-\x20()<>@,;:\042\[\]]+[^.\s]?@([a-z0-9ÄÖÜäöüß](|[a-z0-9ÄÖÜäöüß_-]*[a-z0-9ÄÖÜäöüß])\.)+[a-z]{2,}>?$/iu"; // allow private IP addresses (starting with 10.|169.254.|192.168.) too //const URL_PREG = '_^(?:(?:https?|ftp)://)?(?:\S+(?::\S*)?@)?(?:(?!10(?:\.\d{1,3}){3})(?!127(?:\.\d{1,3}){3})(?!169\.254(?:\.\d{1,3}){2})(?!192\.168(?:\.\d{1,3}){2})(?!172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})(?:[1-9]\d?|1\d\d|2[01]\d|22[0-3])(?:\.(?:1?\d{1,2}|2[0-4]\d|25[0-5])){2}(?:\.(?:[1-9]\d?|1\d\d|2[0-4]\d|25[0-4]))|(localhost)|(?:(?:[a-z\x{00a1}-\x{ffff}0-9]+-?)*[a-z\x{00a1}-\x{ffff}0-9]+)(?:\.(?:[a-z\x{00a1}-\x{ffff}0-9]+-?)*[a-z\x{00a1}-\x{ffff}0-9]+)*(?:\.(?:[a-z\x{00a1}-\x{ffff}]{2,})))(?::\d{2,5})?(?:/[^\s]*)?$_iuS'; diff --git a/api/tests/Etemplate/Widget/UrlEmailTest.php b/api/tests/Etemplate/Widget/UrlEmailTest.php index 5048c6d4f8..2049639023 100644 --- a/api/tests/Etemplate/Widget/UrlEmailTest.php +++ b/api/tests/Etemplate/Widget/UrlEmailTest.php @@ -67,7 +67,8 @@ class UrlEmailTest extends \EGroupware\Api\Etemplate\WidgetBaseTest array('_______@domain.com'), // Underscore in the address field is valid array('email@domain.name'), // .name is valid Top Level Domain name array('email@domain.co.jp'), // Dot in Top Level Domain name also considered valid (use co.jp as example here) - array('firstname-lastname@domain.com'), // Dash in address field is valid + array('firstname-lastname@domain.com'), // Dash in address field is valid + array('x@egroupware.org'), // one letter name-part is valid, but failed validation before // Supposedly valid, but we don't // array('"email"@domain.com'), // Quotes around email is considered valid