diff options
| author | Harald Eilertsen <haraldei@anduin.net> | 2024-01-08 11:16:45 +0100 |
|---|---|---|
| committer | Harald Eilertsen <haraldei@anduin.net> | 2024-01-15 19:52:31 +0100 |
| commit | 403539919a9a5b1e3e2ac9725a3b8b17403b2935 (patch) | |
| tree | 1f08b6b3acd2613f9ffca09574d6868e55a6f6c3 /include/network.php | |
| parent | 52ea2fa33e0fb4e6d288f15a12fc1d5e5f80a801 (diff) | |
| download | volse-hubzilla-403539919a9a5b1e3e2ac9725a3b8b17403b2935.tar.gz volse-hubzilla-403539919a9a5b1e3e2ac9725a3b8b17403b2935.tar.bz2 volse-hubzilla-403539919a9a5b1e3e2ac9725a3b8b17403b2935.zip | |
Improve the validate_email function
The validate_email function relied on doing an actual domain lookup (on
supported platforms) to validate the domain of the email address. This
does not work too well in testing environments where we may not want to
spam the DNS system, if it at all is available.
Apart from the the function did very little to actually verify that it
was a valid email address.
This patch tries to change that by usng a somewhat stricted regex based
validation. While this may not be perfect, it should be good enough in
the vast majority of cases. For platforms where no validation was
performed with the old version, it will at least be an improvement.
Also, it allows testing without having an external network connection.
Also clarify the doc comment, that it does not actually try to resolve
the email address, just the domain.
Diffstat (limited to 'include/network.php')
| -rw-r--r-- | include/network.php | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/include/network.php b/include/network.php index f5c5303b3..c5411e702 100644 --- a/include/network.php +++ b/include/network.php @@ -591,23 +591,30 @@ function validate_url(&$url) { } /** - * @brief Checks that email is an actual resolvable internet address. + * @brief Checks that email is valid, and that the domain resolves. * - * @param string $addr - * @return boolean + * Note: This does not try to check that the actual email address will resolve, + * only the domain! + * + * @param string $addr The email address to validate. + * @return boolean True if email is valid, false otherwise. */ -function validate_email($addr) { +function validate_email(string $addr): bool { if(get_config('system', 'disable_email_validation')) return true; - if(! strpos($addr, '@')) - return false; - - $h = substr($addr, strpos($addr, '@') + 1); + $matches = array(); + $result = preg_match( + '/^[A-Z0-9._%-]+@([A-Z0-9.-]+\.[A-Z0-9-]{2,})$/i', + punify($addr), + $matches); - if(($h) && z_dns_check($h, true)) { - return true; + if($result) { + $domain = $matches[1]; + if(($domain) && z_dns_check($domain, true)) { + return true; + } } return false; |