From d30f2c69b1fbfcb9bebe17996d11dc4863afd8bc Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Fri, 29 Apr 2016 07:49:58 -0400
Subject: [PATCH] Merge branch 'master' into 'stable-3.1'

---
 interface/lib/classes/tform_base.inc.php |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index 1739c1f..03ccb1e 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -973,13 +973,22 @@
 						$this->errorMessage .= $errmsg."<br />\r\n";
 					}
 				}
+				break;
 			case 'ISEMAIL':
+				$error = false;
 				if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n';
 				if($validator['allowempty'] == 'y' && $field_value == '') {
 					//* Do nothing
 				} else {
 					if(function_exists('filter_var')) {
 						if(filter_var($field_value, FILTER_VALIDATE_EMAIL) === false) {
+							$error = true;
+						} else {
+							if (!preg_match("/^[^\\+]+$/", $field_value)) { // * disallow + in local-part
+								$error = true;
+							}
+						}
+						if ($error) {
 							$errmsg = $validator['errmsg'];
 							if(isset($this->wordbook[$errmsg])) {
 								$this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n";
@@ -987,8 +996,10 @@
 								$this->errorMessage .= $errmsg."<br />\r\n";
 							}
 						}
+
 					} else $this->errorMessage .= "function filter_var missing <br />\r\n";
 				}
+				unset($error);
 				break;
 			case 'ISINT':
 				if(function_exists('filter_var') && $field_value < 2147483647) {
@@ -1028,7 +1039,7 @@
 				break;
 			case 'V6PREFIXLENGTH':
 				// find shortes ipv6 subnet can`t be longer
-				$sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' ORDER BY CHAR_LENGTH(ip_address) ASC LIMIT 0,1;");
+				$sql_v6 = $app->db->queryOneRecord("SELECT ip_address FROM server_ip WHERE ip_type = 'IPv6' AND virtualhost = 'y' ORDER BY CHAR_LENGTH(ip_address) ASC LIMIT 0,1");
 				$sql_v6_explode=explode(':',$sql_v6['ip_address']);
 				$explode_field_value = explode(':',$field_value);
 				if (count($sql_v6_explode) < count($explode_field_value) && isset($sql_v6['ip_address'])) {

--
Gitblit v1.9.1