aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorHarald Eilertsen <haraldei@anduin.net>2024-01-08 11:16:45 +0100
committerHarald Eilertsen <haraldei@anduin.net>2024-01-15 19:52:31 +0100
commit403539919a9a5b1e3e2ac9725a3b8b17403b2935 (patch)
tree1f08b6b3acd2613f9ffca09574d6868e55a6f6c3 /include
parent52ea2fa33e0fb4e6d288f15a12fc1d5e5f80a801 (diff)
downloadvolse-hubzilla-403539919a9a5b1e3e2ac9725a3b8b17403b2935.tar.gz
volse-hubzilla-403539919a9a5b1e3e2ac9725a3b8b17403b2935.tar.bz2
volse-hubzilla-403539919a9a5b1e3e2ac9725a3b8b17403b2935.zip
Improve the validate_email function
The validate_email function relied on doing an actual domain lookup (on supported platforms) to validate the domain of the email address. This does not work too well in testing environments where we may not want to spam the DNS system, if it at all is available. Apart from the the function did very little to actually verify that it was a valid email address. This patch tries to change that by usng a somewhat stricted regex based validation. While this may not be perfect, it should be good enough in the vast majority of cases. For platforms where no validation was performed with the old version, it will at least be an improvement. Also, it allows testing without having an external network connection. Also clarify the doc comment, that it does not actually try to resolve the email address, just the domain.
Diffstat (limited to 'include')
-rw-r--r--include/network.php27
1 files changed, 17 insertions, 10 deletions
diff --git a/include/network.php b/include/network.php
index f5c5303b3..c5411e702 100644
--- a/include/network.php
+++ b/include/network.php
@@ -591,23 +591,30 @@ function validate_url(&$url) {
}
/**
- * @brief Checks that email is an actual resolvable internet address.
+ * @brief Checks that email is valid, and that the domain resolves.
*
- * @param string $addr
- * @return boolean
+ * Note: This does not try to check that the actual email address will resolve,
+ * only the domain!
+ *
+ * @param string $addr The email address to validate.
+ * @return boolean True if email is valid, false otherwise.
*/
-function validate_email($addr) {
+function validate_email(string $addr): bool {
if(get_config('system', 'disable_email_validation'))
return true;
- if(! strpos($addr, '@'))
- return false;
-
- $h = substr($addr, strpos($addr, '@') + 1);
+ $matches = array();
+ $result = preg_match(
+ '/^[A-Z0-9._%-]+@([A-Z0-9.-]+\.[A-Z0-9-]{2,})$/i',
+ punify($addr),
+ $matches);
- if(($h) && z_dns_check($h, true)) {
- return true;
+ if($result) {
+ $domain = $matches[1];
+ if(($domain) && z_dns_check($domain, true)) {
+ return true;
+ }
}
return false;