Hi Ilia,

I'm not sure if this is a real fix, because the filter passes invalid email addresses.


Also, "validate_email" filter still passes '/' character.

The test 033.phpt needs to be fixed.

Thanks. Dmitry.

Ilia Alshanetsky wrote:
iliaa                                    Mon, 07 Sep 2009 02:35:25 +0000

Revision: http://svn.php.net/viewvc?view=revision&revision=288117

Log:
Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).

Bug: http://bugs.php.net/49470 (Verified) FILTER_SANITIZE_EMAIL does not work
Changed paths:
    U   php/php-src/branches/PHP_5_2/NEWS
    U   php/php-src/branches/PHP_5_2/ext/filter/sanitizing_filters.c
    U   php/php-src/branches/PHP_5_3/NEWS
    U   php/php-src/branches/PHP_5_3/ext/filter/sanitizing_filters.c
    U   php/php-src/trunk/ext/filter/sanitizing_filters.c

Modified: php/php-src/branches/PHP_5_2/NEWS
===================================================================
--- php/php-src/branches/PHP_5_2/NEWS   2009-09-06 22:01:18 UTC (rev 288116)
+++ php/php-src/branches/PHP_5_2/NEWS   2009-09-07 02:35:25 UTC (rev 288117)
@@ -1,11 +1,11 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 0? Sep 2009, PHP 5.2.11
-- Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo)
+- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).
 - Fixed bug #49447 (php engine needs to correctly check for socket API return
   status on windows). (Sriram Natarajan)
+- Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo)

-
 03 Sep 2009, PHP 5.2.11RC2
 - Added missing sanity checks around exif processing. (Ilia)
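
Review bot: the added #49470 line at the top of the 5.2.11 list carries no author credit, while the neighbouring entries do and the PHP_5_3 NEWS entry for the same fix ends with "(Ilia)". Append the credit here as well. The hunk also moves the #48060 entry below #49447 and removes one blank line before "03 Sep 2009, PHP 5.2.11RC2"; if that reordering is not intended, it is better kept out of a bug-fix commit.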


Modified: php/php-src/branches/PHP_5_2/ext/filter/sanitizing_filters.c
===================================================================
--- php/php-src/branches/PHP_5_2/ext/filter/sanitizing_filters.c        
2009-09-06 22:01:18 UTC (rev 288116)
+++ php/php-src/branches/PHP_5_2/ext/filter/sanitizing_filters.c        
2009-09-07 02:35:25 UTC (rev 288117)
@@ -275,7 +275,7 @@
 void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL)
 {
        /* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */
-       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT 
"!#$%&'*+-/=?^_`{|}...@.[]";
+       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT 
"!#$%&'*+-=?^_`{|}...@.[]";
        filter_map     map;

        filter_map_init(&map);
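
Review bot: the comment above allowed_list still reads "Check section 6 of rfc 822" and gives no reason for dropping '/', so the next reader cannot tell whether the list is meant to mirror the RFC or to be stricter than it. RFC 822 does not list '/' among its specials, so the list now departs from the document the comment cites. Extend the comment with one sentence naming the excluded character and the reason (bug #49470), so the allow-list and its stated source do not silently disagree.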

Modified: php/php-src/branches/PHP_5_3/NEWS
===================================================================
--- php/php-src/branches/PHP_5_3/NEWS   2009-09-06 22:01:18 UTC (rev 288116)
+++ php/php-src/branches/PHP_5_3/NEWS   2009-09-07 02:35:25 UTC (rev 288117)
@@ -5,6 +5,8 @@
 ?? ??? 2009, PHP 5.3.1RC?
 - Restored shebang line check to CGI sapi (not checked by scanner anymore).
   (Jani)
+- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).
+  (Ilia)

 ?? ??? 2009, PHP 5.3.1
 - Upgraded bundled sqlite to version 3.6.17. (Scott)

Modified: php/php-src/branches/PHP_5_3/ext/filter/sanitizing_filters.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/filter/sanitizing_filters.c        
2009-09-06 22:01:18 UTC (rev 288116)
+++ php/php-src/branches/PHP_5_3/ext/filter/sanitizing_filters.c        
2009-09-07 02:35:25 UTC (rev 288117)
@@ -275,7 +275,7 @@
 void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL)
 {
        /* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */
-       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT 
"!#$%&'*+-/=?^_`{|}...@.[]";
+       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT 
"!#$%&'*+-=?^_`{|}...@.[]";
        filter_map     map;

        filter_map_init(&map);
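
Review bot: no test changes accompany the allowed_list change; the "Changed paths" list contains only NEWS and sanitizing_filters.c. A behaviour change in a sanitizing filter should come with a .phpt case asserting that an input containing '/' has it stripped by FILTER_SANITIZE_EMAIL, and any existing expectation that depends on the old list (033.phpt is named in the reply) should be updated in the same commit.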

Modified: php/php-src/trunk/ext/filter/sanitizing_filters.c
===================================================================
--- php/php-src/trunk/ext/filter/sanitizing_filters.c   2009-09-06 22:01:18 UTC 
(rev 288116)
+++ php/php-src/trunk/ext/filter/sanitizing_filters.c   2009-09-07 02:35:25 UTC 
(rev 288117)
@@ -275,7 +275,7 @@
 void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL)
 {
        /* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */
-       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT 
"!#$%&'*+-/=?^_`{|}...@.[]";
+       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT 
"!#$%&'*+-=?^_`{|}...@.[]";
        filter_map     map;

        filter_map_init(&map);
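
Review bot: only the sanitizing side is changed by this allowed_list edit, and the reply reports that the "validate_email" filter still passes '/'. After this commit, sanitizing an address can alter a value that validation accepts unchanged. Either give both filters the same character set or document in the comment above allowed_list that the sanitizer is intentionally stricter, so callers that chain sanitize and validate know which result to trust.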


