From a6740457370a60e26f3f90566ee1c01dcf0f4f33 Mon Sep 17 00:00:00 2001 From: Happy-melon Date: Mon, 18 Apr 2011 23:16:53 +0000 Subject: [PATCH] Move User::isValidEmailAddr() to Sanitizer. --- includes/Sanitizer.php | 50 ++++++++++++++++++++++++++++++++++++++++++ includes/User.php | 23 ++----------------- 2 files changed, 52 insertions(+), 21 deletions(-) diff --git a/includes/Sanitizer.php b/includes/Sanitizer.php index 401d50f179..09fc8d1a67 100644 --- a/includes/Sanitizer.php +++ b/includes/Sanitizer.php @@ -1569,4 +1569,54 @@ class Sanitizer { static function cleanUrlCallback( $matches ) { return urlencode( $matches[0] ); } + + /** + * Does a string look like an e-mail address? + * + * This validates an email address using an HTML5 specification found at: + * http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#valid-e-mail-address + * Which as of 2011-01-24 says: + * + * A valid e-mail address is a string that matches the ABNF production + * 1*( atext / "." ) "@" ldh-str *( "." ldh-str ) where atext is defined + * in RFC 5322 section 3.2.3, and ldh-str is defined in RFC 1034 section + * 3.5. + * + * This function is an implementation of the specification as requested in + * bug 22449. + * + * Client-side forms will use the same standard validation rules via JS or + * HTML 5 validation; additional restrictions can be enforced server-side + * by extensions via the 'isValidEmailAddr' hook. + * + * Note that this validation doesn't 100% match RFC 2822, but is believed + * to be liberal enough for wide use. Some invalid addresses will still + * pass validation here. + * + * @param $addr String E-mail address + * @return Bool + */ + public static function validateEmail( $addr ) { + $result = null; + if( !wfRunHooks( 'isValidEmailAddr', array( $addr, &$result ) ) ) { + return $result; + } + + // Please note strings below are enclosed in brackets [], this make the + // hyphen "-" a range indicator. Hence it is double backslashed below. + // See bug 26948 + $rfc5322_atext = "a-z0-9!#$%&'*+\\-\/=?^_`{|}~" ; + $rfc1034_ldh_str = "a-z0-9\\-" ; + + $HTML5_email_regexp = "/ + ^ # start of string + [$rfc5322_atext\\.]+ # user part which is liberal :p + @ # 'apostrophe' + [$rfc1034_ldh_str]+ # First domain part + (\\.[$rfc1034_ldh_str]+)* # Following part prefixed with a dot + $ # End of string + /ix" ; // case Insensitive, eXtended + + return (bool) preg_match( $HTML5_email_regexp, $addr ); + } } diff --git a/includes/User.php b/includes/User.php index 4f539a293d..cf591303ae 100644 --- a/includes/User.php +++ b/includes/User.php @@ -687,29 +687,10 @@ class User { * * @param $addr String E-mail address * @return Bool + * @deprecated since 1.18 call Sanitizer::isValidEmail() directly */ public static function isValidEmailAddr( $addr ) { - $result = null; - if( !wfRunHooks( 'isValidEmailAddr', array( $addr, &$result ) ) ) { - return $result; - } - - // Please note strings below are enclosed in brackets [], this make the - // hyphen "-" a range indicator. Hence it is double backslashed below. - // See bug 26948 - $rfc5322_atext = "a-z0-9!#$%&'*+\\-\/=?^_`{|}~" ; - $rfc1034_ldh_str = "a-z0-9\\-" ; - - $HTML5_email_regexp = "/ - ^ # start of string - [$rfc5322_atext\\.]+ # user part which is liberal :p - @ # 'apostrophe' - [$rfc1034_ldh_str]+ # First domain part - (\\.[$rfc1034_ldh_str]+)* # Following part prefixed with a dot - $ # End of string - /ix" ; // case Insensitive, eXtended - - return (bool) preg_match( $HTML5_email_regexp, $addr ); + return Sanitizer::isValidEmail( $addr ); } /** -- 2.20.1