[Svn] r3042 - in trunk/roundcubemail: . config plugins/managesieve program/include program/localization/en_US program/localization/pl_PL program/steps/mail

trac at roundcube.net trac at roundcube.net
Wed Oct 14 12:52:28 CEST 2009


Author: alec
Date: 2009-10-14 05:52:27 -0500 (Wed, 14 Oct 2009)
New Revision: 3042

Modified:
   trunk/roundcubemail/CHANGELOG
   trunk/roundcubemail/config/main.inc.php.dist
   trunk/roundcubemail/plugins/managesieve/managesieve.php
   trunk/roundcubemail/program/include/main.inc
   trunk/roundcubemail/program/localization/en_US/messages.inc
   trunk/roundcubemail/program/localization/pl_PL/messages.inc
   trunk/roundcubemail/program/steps/mail/sendmail.inc
Log:
- Added server-side e-mail address validation with 'email_dns_check' option (#1485857)


Modified: trunk/roundcubemail/CHANGELOG
===================================================================
--- trunk/roundcubemail/CHANGELOG	2009-10-14 09:01:51 UTC (rev 3041)
+++ trunk/roundcubemail/CHANGELOG	2009-10-14 10:52:27 UTC (rev 3042)
@@ -1,6 +1,7 @@
 CHANGELOG RoundCube Webmail
 ===========================
 
+- Added server-side e-mail address validation with 'email_dns_check' option (#1485857)
 - Fix login page loading into an iframe when session expires (#1485952)
 - added option 'force_https_port' in 'force_https' plugin (#1486091)
 - Option 'force_https' replaced by 'force_https' plugin

Modified: trunk/roundcubemail/config/main.inc.php.dist
===================================================================
--- trunk/roundcubemail/config/main.inc.php.dist	2009-10-14 09:01:51 UTC (rev 3041)
+++ trunk/roundcubemail/config/main.inc.php.dist	2009-10-14 10:52:27 UTC (rev 3042)
@@ -364,6 +364,9 @@
 // Must be less than 'session_lifetime'
 $rcmail_config['min_keep_alive'] = 60;
 
+// Enable DNS checking for e-mail address validation
+$rcmail_config['email_dns_check'] = false;
+
 /***** these settings can be overwritten by user's preferences *****/
 
 // skin name: folder from skins/
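Review bot: The comment on `email_dns_check` does not say what enabling it does. Going by the `check_email()` added to program/include/main.inc in this commit, each recipient domain is resolved at send time (MX first, then any record), and the lookup is skipped on Windows with PHP older than 5.3.0. I would expand it to `// Enable DNS checking for e-mail address validation (each recipient domain is looked up when sending: MX, then any record; skipped on Windows with PHP < 5.3.0)`. Operators should know that domains typed by users are sent to the configured resolver and that sending then depends on DNS being reachable.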

Modified: trunk/roundcubemail/plugins/managesieve/managesieve.php
===================================================================
--- trunk/roundcubemail/plugins/managesieve/managesieve.php	2009-10-14 09:01:51 UTC (rev 3041)
+++ trunk/roundcubemail/plugins/managesieve/managesieve.php	2009-10-14 10:52:27 UTC (rev 3042)
@@ -818,6 +818,9 @@
 
   private function check_email($email)
   {
+    if (function_exists('check_email'));
+      return check_email($email);
+
     // Check for invalid characters
     if (preg_match('/[\x00-\x1F\x7F-\xFF]/', $email))
       return false;
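Review bot: The stray `;` after `if (function_exists('check_email'))` on the first added line ends the `if` as an empty statement, so `return check_email($email);` runs unconditionally. Inside the method this unqualified call resolves to the global function, so when that function is not loaded the result is a fatal undefined-function error instead of the intended fallback. The plugin's own checks below the added lines are never reached either way. Drop the semicolon: `if (function_exists('check_email'))`. The method body continues outside the hunk.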

Modified: trunk/roundcubemail/program/include/main.inc
===================================================================
--- trunk/roundcubemail/program/include/main.inc	2009-10-14 09:01:51 UTC (rev 3041)
+++ trunk/roundcubemail/program/include/main.inc	2009-10-14 10:52:27 UTC (rev 3042)
@@ -1401,6 +1401,58 @@
 
 
 /**
+ * E-mail address validation
+ */
+function check_email($email)
+{
+  // Check for invalid characters
+  if (preg_match('/[\x00-\x1F\x7F-\xFF]/', $email))
+    return false;
+
+  // Check that there's one @ symbol, and that the lengths are right
+  if (!preg_match('/^([^@]{1,64})@([^@]{1,255})$/', $email, $email_array))
+    return false;
+
+  // Check local part
+  $local_array = explode('.', $email_array[1]);
+  foreach ($local_array as $local_part)
+    if (!preg_match('/^(([A-Za-z0-9!#$%&\'*+\/=?^_`{|}~-]+)|("[^"]+"))$/', $local_part))
+      return false;
+
+  // Check domain part
+  if (preg_match('/^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}$/', $email_array[2]) 
+      || preg_match('/^\[(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}\]$/', $email_array[2]))
+    return true; // If an IP address
+  else {
+    // If not an IP address
+    $domain_array = explode('.', $email_array[2]);
+    if (sizeof($domain_array) < 2)
+      return false; // Not enough parts to be a valid domain
+
+    foreach ($domain_array as $domain_part)
+      if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]))$/', $domain_part))
+        return false;
+
+    if (!rcmail::get_instance()->config->get('email_dns_check'))
+      return true;
+
+    if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN' && version_compare(PHP_VERSION, '5.3.0', '<'))
+      return true;
+
+    // find MX record(s)
+    if (getmxrr($email_array[2], $mx_records))
+      return true;
+
+    // find any DNS record
+    if (checkdnsrr($email_array[2], 'ANY'))
+      return true;
+  }
+
+  return false;
+}
+
+
+/**
  * Helper class to turn relative urls into absolute ones
  * using a predefined base
  */
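Review bot: The fallback `checkdnsrr($email_array[2], 'ANY')` accepts a domain on the strength of any record type, and `ANY` queries are answered inconsistently by resolvers, so a positive result says little about whether the domain can receive mail. Asking for address records is more predictable: `if (checkdnsrr($email_array[2], 'A') || checkdnsrr($email_array[2], 'AAAA'))`. A lookup that fails for operational reasons (resolver timeout or outage) also falls through to `return false`, so with `email_dns_check` on, a DNS problem is reported to the user as an incorrect address. The docblock should gain `@param string $email` and `@return boolean`, plus a line stating that bytes `\x7F-\xFF` are rejected, which rules out non-ASCII addresses.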

Modified: trunk/roundcubemail/program/localization/en_US/messages.inc
===================================================================
--- trunk/roundcubemail/program/localization/en_US/messages.inc	2009-10-14 09:01:51 UTC (rev 3041)
+++ trunk/roundcubemail/program/localization/en_US/messages.inc	2009-10-14 10:52:27 UTC (rev 3042)
@@ -106,5 +106,6 @@
 $messages['smtptoerror'] = 'SMTP Error ($code): Failed to add recipient "$to"';
 $messages['smtprecipientserror'] = 'SMTP Error: Unable to parse recipients list';
 $messages['smtperror'] = 'SMTP Error: $msg';
+$messages['emailformaterror'] = 'Incorrect e-mail address: $email';
 
 ?>

Modified: trunk/roundcubemail/program/localization/pl_PL/messages.inc
===================================================================
--- trunk/roundcubemail/program/localization/pl_PL/messages.inc	2009-10-14 09:01:51 UTC (rev 3041)
+++ trunk/roundcubemail/program/localization/pl_PL/messages.inc	2009-10-14 10:52:27 UTC (rev 3042)
@@ -110,5 +110,6 @@
 $messages['smtprecipientserror'] = 'Błąd SMTP: Parsowanie listy odbiorców nie powiodło się';
 $messages['smtperror'] = 'Błąd SMTP: $msg';
 $messages['invalidrequest'] = 'Błędne żądanie! Nie zapisano danych.';
+$messages['emailformaterror'] = 'Błędny adres e-mail: $email';
 
 ?>

Modified: trunk/roundcubemail/program/steps/mail/sendmail.inc
===================================================================
--- trunk/roundcubemail/program/steps/mail/sendmail.inc	2009-10-14 09:01:51 UTC (rev 3041)
+++ trunk/roundcubemail/program/steps/mail/sendmail.inc	2009-10-14 10:52:27 UTC (rev 3042)
@@ -151,6 +151,8 @@
 // parse email address input
 function rcmail_email_input_format($mailto)
 {
+  global $EMAIL_FORMAT_ERROR;
+
   $regexp = array('/[,;]\s*[\r\n]+/', '/[\r\n]+/', '/[,;]\s*$/m', '/;/', '/(\S{1})(<\S+@\S+>)/U');
   $replace = array(', ', ', ', '', ',', '\\1 \\2');
 
@@ -181,9 +183,17 @@
         $address = '<'.$address.'>';
 
       $result[] = $name.' '.$address;
+      $item = $address;
     } else if (trim($item)) {
-      // @TODO: handle errors
+      continue;
     }
+
+    // check address format
+    $item = trim($item, '<>');
+    if ($item && !check_email($item)) {
+      $EMAIL_FORMAT_ERROR = $item;
+      return;
+    }
   }
 
   return implode(', ', $result);
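Review bot: The branch that used to hold `// @TODO: handle errors` now does `continue`, so a non-empty item that fails the pattern tested above the hunk is left out of the recipient list without reaching `check_email()` and without any message to the user. If that pattern is what recognises an address, this is the malformed input the commit sets out to report. Setting the error in that branch would cover it: `$EMAIL_FORMAT_ERROR = trim($item); return;`. The `if` condition and the start of the loop are outside the hunk, so this is inferred from the visible branches only.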
@@ -200,10 +210,17 @@
 $input_charset = $OUTPUT->get_charset();
 $message_charset = isset($_POST['_charset']) ? $_POST['_charset'] : $input_charset;
 
+$EMAIL_FORMAT_ERROR = NULL;
+
 $mailto = rcmail_email_input_format(get_input_value('_to', RCUBE_INPUT_POST, TRUE, $message_charset));
 $mailcc = rcmail_email_input_format(get_input_value('_cc', RCUBE_INPUT_POST, TRUE, $message_charset));
 $mailbcc = rcmail_email_input_format(get_input_value('_bcc', RCUBE_INPUT_POST, TRUE, $message_charset));
 
+if ($EMAIL_FORMAT_ERROR) {
+  $OUTPUT->show_message('emailformaterror', 'error', array('email' => $EMAIL_FORMAT_ERROR)); 
+  $OUTPUT->send('iframe');
+}
+
 if (empty($mailto) && !empty($mailcc)) {
   $mailto = $mailcc;
   $mailcc = null;
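Review bot: `$EMAIL_FORMAT_ERROR` carries the rejected item taken from the POSTed `_to`/`_cc`/`_bcc` fields (only `<` and `>` trimmed at the ends) and is substituted into the `emailformaterror` message as `$email`. Whether `show_message()` escapes substituted values for the output context is not visible here and should be confirmed, since the value is by definition input that failed validation. The block also relies on `$OUTPUT->send('iframe')` ending the request; otherwise the code below would run with the `null` returned by `rcmail_email_input_format()`. If that holds, a comment such as `// send() ends the request, nothing below runs` would make the dependency explicit.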
