[arch-projects] [PATCH] valid_email :: check all sorts of stuff, as described by: http://www.linuxjournal.com/article/9585
Lukas Fleischer
archlinux at cryptocrack.de
Mon Mar 19 16:06:59 EDT 2012
The AUR has a separate development mailing list (aur-dev). I will
comment on your patch here but please send further patches to aur-dev.
Thanks!

On Mon, Mar 19, 2012 at 08:39:03PM +0100, BlackEagle wrote:
> Signed-off-by: BlackEagle <ike.devolder at gmail.com>
> ---
> web/lib/aur.inc.php | 48 +++++++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 47 insertions(+), 1 deletion(-)
>
> diff --git a/web/lib/aur.inc.php b/web/lib/aur.inc.php
> index c662b80..9b604fe 100644
> --- a/web/lib/aur.inc.php
> +++ b/web/lib/aur.inc.php
> @@ -80,7 +80,53 @@ function check_sid($dbh=NULL) {
> # verify that an email address looks like it is legitimate
> #
> function valid_email($addy) {
> - return (filter_var($addy, FILTER_VALIDATE_EMAIL) !== false);
> + $isValid = true;
> + $atIndex = strrpos($addy, "@");
> + if (is_bool($atIndex) && !$atIndex) {
> + $isValid = false;
> + } else {
> + $domain = substr($addy, $atIndex+1);
> + $local = substr($addy, 0, $atIndex);
> + $localLen = strlen($local);
> + $domainLen = strlen($domain);
> + if ($localLen < 1 || $localLen > 64) {
> + // local part length exceeded
> + $isValid = false;
> + } elseif ($domainLen < 1 || $domainLen > 255) {
> + // domain part length exceeded
> + $isValid = false;
> + } elseif ($local[0] == '.' || $local[$localLen-1] == '.') {
> + // local part starts or ends with '.'
> + $isValid = false;
> + } elseif (preg_match('/\\.\\./', $local)) {
> + // local part has two consecutive dots
> + $isValid = false;
> + } elseif (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) {
> + // character not valid in domain part
> + $isValid = false;
> + } elseif (preg_match('/\\.\\./', $domain)) {
> + // domain part has two consecutive dots
> + $isValid = false;
> + } elseif (
> + !preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
> + str_replace("\\\\","",$local))
> + ) {
> + // character not valid in local part unless
> + // local part is quoted
> + if (
> + !preg_match('/^"(\\\\"|[^"])+"$/',
> + str_replace("\\\\","",$local))
> + ) {
> + $isValid = false;
> + }
> + }

Thanks for coding this up, but what's the rationale behind it? Doesn't
the FILTER_VALIDATE_EMAIL filter run most (all?) of these checks? I
don't think we should try to be more clever than filter_var() here...

> +
> + if ($isValid && !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A"))) {
> + // domain not found in DNS
> + $isValid = false;
> + }

This makes more sense to me but again, I don't really think this is
useful/effective... Any spammers could just continue using random mail
addresses as long as they provide "valid" domains (e.g. they could just
use "$random_foo at archlinux.org"). If we really want to check mail
addresses for validity, we probably need to send verification mails.

> + }
> + return $isValid;
> }
>
> # a new seed value for mt_srand()
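Review bot: In the DNS step at the end of the else branch, `checkdnsrr($domain,"MX") || checkdnsrr($domain,"A")` ties the result of valid_email() to a live resolver lookup, so a resolver timeout or transient failure makes a well-formed address fail validation, and a domain that publishes only AAAA records is always rejected. Because the function returns a single boolean, callers cannot tell "malformed" from "could not resolve"; I would keep the syntax check and the DNS lookup in separate functions, or drop the lookup. Two smaller points in the same hunk: the domain pattern `/^[A-Za-z0-9\\-\\.]+$/` accepts a domain that starts or ends with '.' or '-', although the local part is explicitly checked for a leading or trailing '.', and `is_bool($atIndex) && !$atIndex` reads more clearly as `$atIndex === false`.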
> --
> 1.7.9.4