

Add rough validation on email addresses

Summary: Put a very rough filter on what we'll accept as an email address. We can expand this if anyone is actually using local delivery or other weird things. This is mostly to avoid a theoretical case where some input is parsed differently by `PhutilAddressParser` and the actual mail adapter, in some subtle hypothetical way. This should give us only "reasonable" email addresses which parsers would be hard-pressed to trip up on.

Test Plan: Added and executed unit tests. Tried to add silly emails. Added valid emails.

Reviewers: btrahan, arice

Reviewed By: arice

CC: arice, chad, aran

Differential Revision: https://secure.phabricator.com/D8320

+62 -1
+2
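--- a/src/__phutil_library_map__.php
+++ b/src/__phutil_library_map__.php
@@ -2177,6 +2177,7 @@
 'PhabricatorUserEditor' => 'applications/people/editor/PhabricatorUserEditor.php',
 'PhabricatorUserEditorTestCase' => 'applications/people/editor/__tests__/PhabricatorUserEditorTestCase.php',
 'PhabricatorUserEmail' => 'applications/people/storage/PhabricatorUserEmail.php',
+'PhabricatorUserEmailTestCase' => 'applications/people/storage/__tests__/PhabricatorUserEmailTestCase.php',
 'PhabricatorUserLog' => 'applications/people/storage/PhabricatorUserLog.php',
 'PhabricatorUserPreferences' => 'applications/settings/storage/PhabricatorUserPreferences.php',
 'PhabricatorUserProfile' => 'applications/people/storage/PhabricatorUserProfile.php',
@@ -5000,6 +5001,7 @@
 'PhabricatorUserEditor' => 'PhabricatorEditor',
 'PhabricatorUserEditorTestCase' => 'PhabricatorTestCase',
 'PhabricatorUserEmail' => 'PhabricatorUserDAO',
+'PhabricatorUserEmailTestCase' => 'PhabricatorTestCase',
 'PhabricatorUserLog' => 'PhabricatorUserDAO',
 'PhabricatorUserPreferences' => 'PhabricatorUserDAO',
 'PhabricatorUserProfile' => 'PhabricatorUserDAO',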
+19 -1
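--- a/src/applications/people/storage/PhabricatorUserEmail.php
+++ b/src/applications/people/storage/PhabricatorUserEmail.php
@@ -37,6 +37,23 @@
 return false;
 }
 
+// Very roughly validate that this address isn't so mangled that a
+// reasonable piece of code might completely misparse it. In particular,
+// the major risks are:
+//
+// - `PhutilEmailAddress` needs to be able to extract the domain portion
+// from it.
+// - Reasonable mail adapters should be hard-pressed to interpret one
+// address as several addresses.
+//
+// To this end, we're roughly verifying that there's some normal text, an
+// "@" symbol, and then some more normal text.
+
+$email_regex = '(^[a-z0-9_+.!-]+@[a-z0-9_+:.-]+$)i';
+if (!preg_match($email_regex, $address)) {
+return false;
+}
+
 return true;
 }
 
@@ -46,7 +63,8 @@
 */
 public static function describeValidAddresses() {
 return pht(
-'The maximum length of an email address is %d character(s).',
+"Email addresses should be in the form 'user@domain.com'. The maximum ".
+"length of an email address is %d character(s).",
 new PhutilNumber(self::MAX_ADDRESS_LENGTH));
 }
 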
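Review bot: The `$` anchor in `$email_regex` on new line 52 matches before a trailing newline as well as at the true end of the subject (PCRE default without the `D` modifier), so an input like `"user@example.com\n"` (constructed example) passes `preg_match` even though the comment above says the check exists to keep a mail adapter from seeing anything but one plain address. Anchoring with `\z` instead, `'(^[a-z0-9_+.!-]+@[a-z0-9_+:.-]+\z)i'`, or adding `D` to the modifiers closes that gap. Whether callers trim the value before it reaches here is not visible in this hunk, so making the regex self-sufficient is the cheaper guarantee. The new test file in this commit would pin it with one more entry, `"user@example.com\n" => false,`. The enclosing `isValidAddress()` starts before this hunk.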
+41
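--- /dev/null
+++ b/src/applications/people/storage/__tests__/PhabricatorUserEmailTestCase.php
@@ -0,0 +1,41 @@
+<?php
+
+final class PhabricatorUserEmailTestCase extends PhabricatorTestCase {
+
+public function testEmailValidation() {
+$tests = array(
+'alincoln@whitehouse.gov' => true,
+'_-.@.-_' => true,
+'.@.com' => true,
+'user+suffix@gmail.com' => true,
+'IAMIMPORTANT@BUSINESS.COM' => true,
+'1@22.33.44.55' => true,
+'999@999.999' => true,
+'user@2001:0db8:85a3:0042:1000:8a2e:0370:7334' => true,
+'!..!@o.O' => true,
+
+'' => false,
+str_repeat('a', 256).'@example.com' => false,
+'quack' => false,
+'@gmail.com' => false,
+'usergmail.com' => false,
+'"user" user@gmail.com' => false,
+'a,b@evil.com' => false,
+'a;b@evil.com' => false,
+'ab@evil.com;cd@evil.com' => false,
+'x@y@z.com' => false,
+'@@' => false,
+'@' => false,
+'user@' => false,
+);
+
+foreach ($tests as $input => $expect) {
+$actual = PhabricatorUserEmail::isValidAddress($input);
+$this->assertEqual(
+$expect,
+$actual,
+$input);
+}
+}
+
+}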