1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-01 19:22:42 +01:00

Add rough validation on email addresses

Summary: Put a very rough filter on what we'll accept as an email address. We can expand this if anyone is actually using local delivery or other weird things. This is mostly to avoid a theoretical case where some input is parsed differently by `PhutilAddressParser` and the actual mail adapter, in some subtle hypothetical way. This should give us only "reasonable" email addresses which parsers would be hard-pressed to trip up on.

Test Plan: Added and executed unit tests. Tried to add silly emails. Added valid emails.

Reviewers: btrahan, arice

Reviewed By: arice

CC: arice, chad, aran

Differential Revision: https://secure.phabricator.com/D8320
This commit is contained in:
epriestley 2014-02-23 17:31:46 -08:00
parent a566ae3730
commit f49470f9bf
3 changed files with 62 additions and 1 deletions

View file

@ -2177,6 +2177,7 @@ phutil_register_library_map(array(
'PhabricatorUserEditor' => 'applications/people/editor/PhabricatorUserEditor.php', 'PhabricatorUserEditor' => 'applications/people/editor/PhabricatorUserEditor.php',
'PhabricatorUserEditorTestCase' => 'applications/people/editor/__tests__/PhabricatorUserEditorTestCase.php', 'PhabricatorUserEditorTestCase' => 'applications/people/editor/__tests__/PhabricatorUserEditorTestCase.php',
'PhabricatorUserEmail' => 'applications/people/storage/PhabricatorUserEmail.php', 'PhabricatorUserEmail' => 'applications/people/storage/PhabricatorUserEmail.php',
'PhabricatorUserEmailTestCase' => 'applications/people/storage/__tests__/PhabricatorUserEmailTestCase.php',
'PhabricatorUserLog' => 'applications/people/storage/PhabricatorUserLog.php', 'PhabricatorUserLog' => 'applications/people/storage/PhabricatorUserLog.php',
'PhabricatorUserPreferences' => 'applications/settings/storage/PhabricatorUserPreferences.php', 'PhabricatorUserPreferences' => 'applications/settings/storage/PhabricatorUserPreferences.php',
'PhabricatorUserProfile' => 'applications/people/storage/PhabricatorUserProfile.php', 'PhabricatorUserProfile' => 'applications/people/storage/PhabricatorUserProfile.php',
@ -5000,6 +5001,7 @@ phutil_register_library_map(array(
'PhabricatorUserEditor' => 'PhabricatorEditor', 'PhabricatorUserEditor' => 'PhabricatorEditor',
'PhabricatorUserEditorTestCase' => 'PhabricatorTestCase', 'PhabricatorUserEditorTestCase' => 'PhabricatorTestCase',
'PhabricatorUserEmail' => 'PhabricatorUserDAO', 'PhabricatorUserEmail' => 'PhabricatorUserDAO',
'PhabricatorUserEmailTestCase' => 'PhabricatorTestCase',
'PhabricatorUserLog' => 'PhabricatorUserDAO', 'PhabricatorUserLog' => 'PhabricatorUserDAO',
'PhabricatorUserPreferences' => 'PhabricatorUserDAO', 'PhabricatorUserPreferences' => 'PhabricatorUserDAO',
'PhabricatorUserProfile' => 'PhabricatorUserDAO', 'PhabricatorUserProfile' => 'PhabricatorUserDAO',

View file

@ -37,6 +37,23 @@ final class PhabricatorUserEmail extends PhabricatorUserDAO {
return false; return false;
} }
// Very roughly validate that this address isn't so mangled that a
// reasonable piece of code might completely misparse it. In particular,
// the major risks are:
//
// - `PhutilEmailAddress` needs to be able to extract the domain portion
// from it.
// - Reasonable mail adapters should be hard-pressed to interpret one
// address as several addresses.
//
// To this end, we're roughly verifying that there's some normal text, an
// "@" symbol, and then some more normal text.
$email_regex = '(^[a-z0-9_+.!-]+@[a-z0-9_+:.-]+$)i';
if (!preg_match($email_regex, $address)) {
return false;
}
return true; return true;
} }
@ -46,7 +63,8 @@ final class PhabricatorUserEmail extends PhabricatorUserDAO {
*/ */
public static function describeValidAddresses() { public static function describeValidAddresses() {
return pht( return pht(
'The maximum length of an email address is %d character(s).', "Email addresses should be in the form 'user@domain.com'. The maximum ".
"length of an email address is %d character(s).",
new PhutilNumber(self::MAX_ADDRESS_LENGTH)); new PhutilNumber(self::MAX_ADDRESS_LENGTH));
} }

View file

@ -0,0 +1,41 @@
<?php
final class PhabricatorUserEmailTestCase extends PhabricatorTestCase {
public function testEmailValidation() {
$tests = array(
'alincoln@whitehouse.gov' => true,
'_-.@.-_' => true,
'.@.com' => true,
'user+suffix@gmail.com' => true,
'IAMIMPORTANT@BUSINESS.COM' => true,
'1@22.33.44.55' => true,
'999@999.999' => true,
'user@2001:0db8:85a3:0042:1000:8a2e:0370:7334' => true,
'!..!@o.O' => true,
'' => false,
str_repeat('a', 256).'@example.com' => false,
'quack' => false,
'@gmail.com' => false,
'usergmail.com' => false,
'"user" user@gmail.com' => false,
'a,b@evil.com' => false,
'a;b@evil.com' => false,
'ab@evil.com;cd@evil.com' => false,
'x@y@z.com' => false,
'@@' => false,
'@' => false,
'user@' => false,
);
foreach ($tests as $input => $expect) {
$actual = PhabricatorUserEmail::isValidAddress($input);
$this->assertEqual(
$expect,
$actual,
$input);
}
}
}