mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-26 00:32:42 +01:00
Add rough validation on email addresses
Summary: Put a very rough filter on what we'll accept as an email address. We can expand this if anyone is actually using local delivery or other weird things. This is mostly to avoid a theoretical case where some input is parsed differently by `PhutilAddressParser` and the actual mail adapter, in some subtle hypothetical way. This should give us only "reasonable" email addresses which parsers would be hard-pressed to trip up on. Test Plan: Added and executed unit tests. Tried to add silly emails. Added valid emails. Reviewers: btrahan, arice Reviewed By: arice CC: arice, chad, aran Differential Revision: https://secure.phabricator.com/D8320
This commit is contained in:
parent
a566ae3730
commit
f49470f9bf
3 changed files with 62 additions and 1 deletions
|
@ -2177,6 +2177,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorUserEditor' => 'applications/people/editor/PhabricatorUserEditor.php',
|
||||
'PhabricatorUserEditorTestCase' => 'applications/people/editor/__tests__/PhabricatorUserEditorTestCase.php',
|
||||
'PhabricatorUserEmail' => 'applications/people/storage/PhabricatorUserEmail.php',
|
||||
'PhabricatorUserEmailTestCase' => 'applications/people/storage/__tests__/PhabricatorUserEmailTestCase.php',
|
||||
'PhabricatorUserLog' => 'applications/people/storage/PhabricatorUserLog.php',
|
||||
'PhabricatorUserPreferences' => 'applications/settings/storage/PhabricatorUserPreferences.php',
|
||||
'PhabricatorUserProfile' => 'applications/people/storage/PhabricatorUserProfile.php',
|
||||
|
@ -5000,6 +5001,7 @@ phutil_register_library_map(array(
|
|||
'PhabricatorUserEditor' => 'PhabricatorEditor',
|
||||
'PhabricatorUserEditorTestCase' => 'PhabricatorTestCase',
|
||||
'PhabricatorUserEmail' => 'PhabricatorUserDAO',
|
||||
'PhabricatorUserEmailTestCase' => 'PhabricatorTestCase',
|
||||
'PhabricatorUserLog' => 'PhabricatorUserDAO',
|
||||
'PhabricatorUserPreferences' => 'PhabricatorUserDAO',
|
||||
'PhabricatorUserProfile' => 'PhabricatorUserDAO',
|
||||
|
|
|
@ -37,6 +37,23 @@ final class PhabricatorUserEmail extends PhabricatorUserDAO {
|
|||
return false;
|
||||
}
|
||||
|
||||
// Very roughly validate that this address isn't so mangled that a
|
||||
// reasonable piece of code might completely misparse it. In particular,
|
||||
// the major risks are:
|
||||
//
|
||||
// - `PhutilEmailAddress` needs to be able to extract the domain portion
|
||||
// from it.
|
||||
// - Reasonable mail adapters should be hard-pressed to interpret one
|
||||
// address as several addresses.
|
||||
//
|
||||
// To this end, we're roughly verifying that there's some normal text, an
|
||||
// "@" symbol, and then some more normal text.
|
||||
|
||||
$email_regex = '(^[a-z0-9_+.!-]+@[a-z0-9_+:.-]+$)i';
|
||||
if (!preg_match($email_regex, $address)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -46,7 +63,8 @@ final class PhabricatorUserEmail extends PhabricatorUserDAO {
|
|||
*/
|
||||
public static function describeValidAddresses() {
|
||||
return pht(
|
||||
'The maximum length of an email address is %d character(s).',
|
||||
"Email addresses should be in the form 'user@domain.com'. The maximum ".
|
||||
"length of an email address is %d character(s).",
|
||||
new PhutilNumber(self::MAX_ADDRESS_LENGTH));
|
||||
}
|
||||
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
<?php
|
||||
|
||||
final class PhabricatorUserEmailTestCase extends PhabricatorTestCase {
|
||||
|
||||
public function testEmailValidation() {
|
||||
$tests = array(
|
||||
'alincoln@whitehouse.gov' => true,
|
||||
'_-.@.-_' => true,
|
||||
'.@.com' => true,
|
||||
'user+suffix@gmail.com' => true,
|
||||
'IAMIMPORTANT@BUSINESS.COM' => true,
|
||||
'1@22.33.44.55' => true,
|
||||
'999@999.999' => true,
|
||||
'user@2001:0db8:85a3:0042:1000:8a2e:0370:7334' => true,
|
||||
'!..!@o.O' => true,
|
||||
|
||||
'' => false,
|
||||
str_repeat('a', 256).'@example.com' => false,
|
||||
'quack' => false,
|
||||
'@gmail.com' => false,
|
||||
'usergmail.com' => false,
|
||||
'"user" user@gmail.com' => false,
|
||||
'a,b@evil.com' => false,
|
||||
'a;b@evil.com' => false,
|
||||
'ab@evil.com;cd@evil.com' => false,
|
||||
'x@y@z.com' => false,
|
||||
'@@' => false,
|
||||
'@' => false,
|
||||
'user@' => false,
|
||||
);
|
||||
|
||||
foreach ($tests as $input => $expect) {
|
||||
$actual = PhabricatorUserEmail::isValidAddress($input);
|
||||
$this->assertEqual(
|
||||
$expect,
|
||||
$actual,
|
||||
$input);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in a new issue