tbrehm
2012-05-08 61211e917b38260b2eba49d21ca666420e920dd1
Fixed: FS#2109 - Email address validation via API method(s) is inadequate (and results in false-negatives)
2 files modified
48 ■■■■■ changed files
interface/lib/classes/remoting_lib.inc.php 24 ●●●●●
interface/lib/classes/tform.inc.php 24 ●●●●●
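--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -452,7 +452,17 @@
                                         }
                                 break;
                                 case 'ISEMAIL':
-                                        if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
+                                    if(function_exists('filter_var')) {
+                                        if(!filter_var($field_value, FILTER_VALIDATE_EMAIL)) {
+                                            $errmsg = $validator['errmsg'];
+                                            if(isset($this->wordbook[$errmsg])) {
+                                                $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+                                            } else {
+                                                $this->errorMessage .= $errmsg."<br />\r\n";
+                                            }
+                                        }
+                                    } else {
+                                        if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
                                                 $errmsg = $validator['errmsg'];
                                                 if(isset($this->wordbook[$errmsg])) {
                                                     $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
@@ -460,8 +470,19 @@
                                                     $this->errorMessage .= $errmsg."<br />\r\n";
                                                 }
                                         }
+                                    }
                                 break;
                                 case 'ISINT':
+                                    if(function_exists('filter_var')) {
+                                        if(!filter_var($field_value, FILTER_VALIDATE_INT)) {
+                                            $errmsg = $validator['errmsg'];
+                                            if(isset($this->wordbook[$errmsg])) {
+                                                $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+                                            } else {
+                                                $this->errorMessage .= $errmsg."<br />\r\n";
+                                            }
+                                        }
+                                    } else {
                                         $tmpval = intval($field_value);
                                         if($tmpval === 0 and !empty($field_value)) {
                                                 $errmsg = $validator['errmsg'];
@@ -471,6 +492,7 @@
                                                     $this->errorMessage .= $errmsg."<br />\r\n";
                                                 }
                                         }
+                                    }
                                 break;
                                 case 'ISPOSITIVE':
                                         if(!is_numeric($field_value) || $field_value <= 0){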
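Review bot: The new `ISINT` branch rejects the value `0`, because `filter_var('0', FILTER_VALIDATE_INT)` returns the integer 0 and `if(!filter_var(...))` only tests truthiness. The check should compare strictly, `if(filter_var($field_value, FILTER_VALIDATE_INT) === false) {`, and the identical line added in interface/lib/classes/tform.inc.php needs the same change. An empty value also fails the filter, while the `intval()` fallback lets it through via `!empty($field_value)`, so the two branches disagree on optional fields; whether empty should pass is not visible here and should be settled once for both. The enclosing switch starts and ends outside these hunks.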
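--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -769,7 +769,17 @@
                                         }
                                 break;
                                 case 'ISEMAIL':
-                                        if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
+                                    if(function_exists('filter_var')) {
+                                        if(!filter_var($field_value, FILTER_VALIDATE_EMAIL)) {
+                                            $errmsg = $validator['errmsg'];
+                                            if(isset($this->wordbook[$errmsg])) {
+                                                $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+                                            } else {
+                                                $this->errorMessage .= $errmsg."<br />\r\n";
+                                            }
+                                        }
+                                    } else {
+                                        if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $field_value)) {
                                                 $errmsg = $validator['errmsg'];
                                                 if(isset($this->wordbook[$errmsg])) {
                                                     $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
@@ -777,8 +787,19 @@
                                                     $this->errorMessage .= $errmsg."<br />\r\n";
                                                 }
                                         }
+                                    }
                                 break;
                                 case 'ISINT':
+                                    if(function_exists('filter_var')) {
+                                        if(!filter_var($field_value, FILTER_VALIDATE_INT)) {
+                                            $errmsg = $validator['errmsg'];
+                                            if(isset($this->wordbook[$errmsg])) {
+                                                $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
+                                            } else {
+                                                $this->errorMessage .= $errmsg."<br />\r\n";
+                                            }
+                                        }
+                                    } else {
                                         $tmpval = intval($field_value);
                                         if($tmpval === 0 and !empty($field_value)) {
                                                 $errmsg = $validator['errmsg'];
@@ -788,6 +809,7 @@
                                                     $this->errorMessage .= $errmsg."<br />\r\n";
                                                 }
                                         }
+                                    }
                                 break;
                                 case 'ISPOSITIVE':
                                         if(!is_numeric($field_value) || $field_value <= 0){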
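Review bot: The regex kept as the `ISEMAIL` fallback in the `else` branch ends in `$` without the `D` modifier, so PCRE also accepts an address followed by one trailing newline; the pattern should close with `$/iD` instead of `$/i`. That matters if the stored address is later written into a mail header or a generated configuration file, which these hunks do not show. The same fallback line is added in interface/lib/classes/remoting_lib.inc.php. The two branches also accept different sets of addresses, so a comment above the `else` such as `// fallback for PHP builds without filter_var(); not equivalent to FILTER_VALIDATE_EMAIL` would tell maintainers which check is authoritative.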