-rw-r--r--system/libraries/Form_validation.php4
-rw-r--r--tests/codeigniter/libraries/Form_validation_test.php2
-rw-r--r--user_guide_src/source/changelog.rst4
3 files changed, 7 insertions, 3 deletions
diff --git a/system/libraries/Form_validation.php b/system/libraries/Form_validation.php
index 4f679a17f..71d0e64b1 100644
--- a/system/libraries/Form_validation.php
+++ b/system/libraries/Form_validation.php
@@ -1229,9 +1229,9 @@ class CI_Form_validation {
*/
public function valid_email($str)
{
- if (function_exists('idn_to_ascii') && sscanf($str, '%[^@]@%s', $name, $domain) === 2)
+ if (function_exists('idn_to_ascii') && preg_match('#\A([^@]+)@(.+)\z#', $str, $matches))
{
- $str = $name.'@'.idn_to_ascii($domain);
+ $str = $matches[1].'@'.idn_to_ascii($matches[2]);
}
return (bool) filter_var($str, FILTER_VALIDATE_EMAIL);
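Review bot: The rejection of trailing junk now depends on `idn_to_ascii($matches[2])` returning `FALSE` for a domain like `sample.com foo bar`, so that the concatenation at line 22 yields `email@` and `filter_var()` fails it; that fail-closed path is implicit and worth making explicit, e.g. `$domain = idn_to_ascii($matches[2]);` / `if ($domain === FALSE) return FALSE;` / `$str = $matches[1].'@'.$domain;`. A short comment on the regex would also help the next maintainer, since `(.+)` deliberately swallows everything after the `@` so the whole remainder is validated rather than the first whitespace-delimited token as `sscanf('%s')` did. If the library is run on PHP 7.2 or later, the default IDNA variant used by this call is deprecated and emits a notice, so passing `INTL_IDNA_VARIANT_UTS46` when that constant is defined may be needed separately. valid_email's closing brace lies outside the hunk.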
diff --git a/tests/codeigniter/libraries/Form_validation_test.php b/tests/codeigniter/libraries/Form_validation_test.php
index 0815300e6..c9c404b43 100644
--- a/tests/codeigniter/libraries/Form_validation_test.php
+++ b/tests/codeigniter/libraries/Form_validation_test.php
@@ -270,7 +270,7 @@ class Form_validation_test extends CI_TestCase {
public function test_rule_valid_email()
{
$this->assertTrue($this->form_validation->valid_email('email@sample.com'));
-
+ $this->assertFalse($this->form_validation->valid_email('email@sample.com foo bar'));
$this->assertFalse($this->form_validation->valid_email('valid_email', '@sample.com'));
}
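Review bot: The new assertion at line 34 only exercises the patched branch when ext/intl is loaded, because `valid_email()` skips the `idn_to_ascii()` path otherwise and `filter_var()` rejects the string on its own; on a runner without intl the test passes before and after the fix, so the regression is not actually pinned. Guarding with `if ( ! function_exists('idn_to_ascii')) $this->markTestSkipped('ext/intl not loaded');` before the assertion, or adding a separate intl-only test, would make the coverage honest. The pre-existing context line at 35 also appears to pass two arguments where one `'valid_email@sample.com'` string may have been intended, though that predates this commit.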
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index 362cd8c84..4695edc72 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -7,6 +7,10 @@ Version 3.1.5
Release Date: Not Released
+- **Security**
+
+ - :doc:`Form Validation Library <libraries/form_validation>` rule ``valid_email`` could be bypassed if ``idn_to_ascii()`` is available.
+
- General Changes
- Updated :doc:`Form Helper <helpers/form_helper>` function :php:func:`form_label()` to accept HTML attributes as a string.