-rw-r--r-- | system/libraries/Form_validation.php | 4 | ||||
-rw-r--r-- | tests/codeigniter/libraries/Form_validation_test.php | 2 | ||||
-rw-r--r-- | user_guide_src/source/changelog.rst | 4 |
3 files changed, 7 insertions, 3 deletions
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 4f679a17f..71d0e64b1 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1229,9 +1229,9 @@ class CI_Form_validation {
  */
  public function valid_email($str)
  {
- if (function_exists('idn_to_ascii') && sscanf($str, '%[^@]@%s', $name, $domain) === 2)
+ if (function_exists('idn_to_ascii') && preg_match('#\A([^@]+)@(.+)\z#', $str, $matches))
  {
- $str = $name.'@'.idn_to_ascii($domain);
+ $str = $matches[1].'@'.idn_to_ascii($matches[2]);
  }
 
  return (bool) filter_var($str, FILTER_VALIDATE_EMAIL);
diff --git a/tests/codeigniter/libraries/Form_validation_test.php b/tests/codeigniter/libraries/Form_validation_test.php
index 0815300e6..c9c404b43 100644
--- a/tests/codeigniter/libraries/Form_validation_test.php
+++ b/tests/codeigniter/libraries/Form_validation_test.php
@@ -270,7 +270,7 @@ class Form_validation_test extends CI_TestCase {
  public function test_rule_valid_email()
  {
  $this->assertTrue($this->form_validation->valid_email('email@sample.com'));
-
+ $this->assertFalse($this->form_validation->valid_email('email@sample.com foo bar'));
  $this->assertFalse($this->form_validation->valid_email('valid_email', '@sample.com'));
  }
 
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 362cd8c84..4695edc72 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -7,6 +7,10 @@ Version 3.1.5
 Release Date: Not Released
 
+- **Security**
+
+ - :doc:`Form Validation Library <libraries/form_validation>` rule ``valid_email`` could be bypassed if ``idn_to_ascii()`` is available.
+
 - General Changes
 
 - Updated :doc:`Form Helper <helpers/form_helper>` function :php:func:`form_label()` to accept HTML attributes as a string. |
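Review bot: On the new `$str = $matches[1].'@'.idn_to_ascii($matches[2]);` line the return value of `idn_to_ascii()` is still concatenated unchecked, so a domain the conversion rejects (it returns `false`) collapses `$str` to `'local@'`, which is then rejected only because `filter_var()` happens to refuse that string. The outcome is correct, but the rejection is implicit; `$domain = idn_to_ascii($matches[2]); if ($domain === FALSE) return FALSE; $str = $matches[1].'@'.$domain;` states the intent and does not depend on the fallback behaving. The pattern also omits the `s` modifier, so a newline anywhere after `@` fails the match and leaves `$str` untouched for `filter_var()` — presumably deliberate, and worth a comment above the `if` such as `// No /s modifier: a newline in the domain must fail the match, not be normalised away`. The closing brace of `valid_email()` is outside the hunk.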
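Review bot: The new assertion covers only a space after the domain, while the `sscanf('%s')` behaviour the fix replaces stopped at any whitespace, so tab and newline variants of the same bypass remain untested. Add `$this->assertFalse($this->form_validation->valid_email("email@sample.com\tfoo"));` and `$this->assertFalse($this->form_validation->valid_email("email@sample.com\nfoo"));` next to the new line so the regex's `\z` anchor and missing `s` modifier are both pinned by the test.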