mirror of
https://github.com/php/php-src.git
synced 2024-11-24 10:24:11 +08:00
Fixed ext/filter Email Validation Vulnerability
(MOPB-24 by Stefan Esser)
This commit is contained in:
parent
f50ec4ea53
commit
cd32cab680
2
NEWS
2
NEWS
@ -1,6 +1,8 @@
|
||||
PHP NEWS
|
||||
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||
?? ??? 2007, PHP 5.2.3
|
||||
- Fixed ext/filter Email Validation Vulnerability (MOPB-24 by Stefan Esser)
|
||||
(Ilia)
|
||||
|
||||
03 May 2007, PHP 5.2.2
|
||||
- Improved bundled GD
|
||||
|
@ -469,7 +469,7 @@ void php_filter_validate_url(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
|
||||
void php_filter_validate_email(PHP_INPUT_FILTER_PARAM_DECL) /* {{{ */
|
||||
{
|
||||
/* From http://cvs.php.net/co.php/pear/HTML_QuickForm/QuickForm/Rule/Email.php?r=1.4 */
|
||||
const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/";
|
||||
const char regexp[] = "/^((\\\"[^\\\"\\f\\n\\r\\t\\b]+\\\")|([\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+(\\.[\\w\\!\\#\\$\\%\\&\\'\\*\\+\\-\\~\\/\\^\\`\\|\\{\\}]+)*))@((\\[(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))\\])|(((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9]))\\.((25[0-5])|(2[0-4][0-9])|([0-1]?[0-9]?[0-9])))|((([A-Za-z0-9\\-])+\\.)+[A-Za-z\\-]+))$/D";
|
||||
|
||||
pcre *re = NULL;
|
||||
pcre_extra *pcre_extra = NULL;
|
||||
|
11
ext/filter/tests/PMOPB45.phpt
Normal file
11
ext/filter/tests/PMOPB45.phpt
Normal file
@ -0,0 +1,11 @@
|
||||
--TEST--
|
||||
PMOPB-45-2007:PHP ext/filter Email Validation Vulnerability
|
||||
--SKIPIF--
|
||||
<?php if (!extension_loaded("filter")) die("skip"); ?>
|
||||
--FILE--
|
||||
<?php
|
||||
$var = "test@example.com\n";
|
||||
var_dump(filter_var($var, FILTER_VALIDATE_EMAIL));
|
||||
?>
|
||||
--EXPECT--
|
||||
bool(false)
|
Loading…
Reference in New Issue
Block a user