View Issue Details

ID: 0017280
Project: mantisbt
Category: email
View Status: public
Last Update: 2015-09-06 17:37
Reporter: grangeway
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version:
Target Version: 1.3.0-beta.3
Fixed in Version: 1.3.0-beta.3
Summary: 0017280: Email address validation function strips characters
Description

Currently, the email address validation function within Mantis validates a sanitized string:

    $t_email = filter_var( $p_email, FILTER_SANITIZE_EMAIL );
    if( PHPMailer::ValidateAddress( $t_email ) ) {

We should validate against the non-sanitized string to ensure that the email address sent for validation matches the email address entered by the user.
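To make the defect concrete, the following is an added example (not MantisBT's or PHPMailer's own code) that runs the sanitize-then-validate pattern quoted above beside the validate-as-entered pattern over a few constructed inputs. PHP's built-in FILTER_VALIDATE_EMAIL is assumed here as a stand-in for PHPMailer::ValidateAddress().

```php
<?php
// Added example, not MantisBT code. FILTER_VALIDATE_EMAIL stands in for
// PHPMailer::ValidateAddress() (assumption) so the script runs stand-alone.

// Pattern from the report: sanitize first, then validate the sanitized copy.
// Any character FILTER_SANITIZE_EMAIL strips never reaches the validator.
function email_is_valid_sanitized_first(string $p_email): bool {
    $t_email = filter_var($p_email, FILTER_SANITIZE_EMAIL);
    return filter_var($t_email, FILTER_VALIDATE_EMAIL) !== false;
}

// Fixed pattern: validate exactly the string the user entered.
function email_is_valid_as_entered(string $p_email): bool {
    return filter_var($p_email, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed inputs. All but the first and last are invalid as typed yet
// become valid once FILTER_SANITIZE_EMAIL removes the offending characters,
// so the old check accepts a value that differs from what was validated.
$t_cases = array(
    'user@example.com',         // valid as typed: both checks accept it
    'first last@example.com',   // space stripped  -> firstlast@example.com
    'user@example.com (work)',  // ( ) and space   -> user@example.comwork
    "user@exam\tple.com",       // tab stripped    -> user@example.com
    'user@@example.com',        // stays invalid after sanitization
);

foreach ($t_cases as $t_input) {
    $t_sanitized = filter_var($t_input, FILTER_SANITIZE_EMAIL);
    printf("%-28s sanitized=%-24s sanitized-first=%-7s as-entered=%s\n",
        json_encode($t_input),
        $t_sanitized,
        email_is_valid_sanitized_first($t_input) ? 'valid' : 'invalid',
        email_is_valid_as_entered($t_input) ? 'valid' : 'invalid');
}
```

The rows where the two columns disagree are exactly the addresses the pre-fix code would have accepted even though the user never typed a valid address.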

Tags: No tags attached.

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master 7cd2fa56

2015-04-16 18:34:25

dregad

Don't sanitize user email prior to validation

Before this, email_is_valid() validated a sanitized string (using
filter_var() with FILTER_SANITIZE_EMAIL).

We now validate the email exactly as it was entered by the user to
ensure we don't accept an address that was actually made valid by the
sanitization itself.

Fixes 0017280
mod - core/email_api.php

Issue History

Date Modified Username Field Change
2014-05-02 19:22 grangeway New Issue
2014-05-29 03:29 grangeway Assigned To => grangeway
2014-05-29 03:29 grangeway Status new => assigned
2014-11-07 17:14 atrol Assigned To grangeway =>
2014-11-07 17:14 atrol Status assigned => new
2014-11-07 17:14 atrol Description Updated
2015-04-16 18:39 dregad Assigned To => dregad
2015-04-16 18:39 dregad Status new => assigned
2015-04-18 19:23 dregad Changeset attached => MantisBT master 7cd2fa56
2015-04-18 19:23 dregad Status assigned => resolved
2015-04-18 19:23 dregad Resolution open => fixed
2015-04-18 19:23 dregad Fixed in Version => 1.3.0-beta.3
2015-04-18 19:25 dregad Target Version => 1.3.0-beta.3
2015-09-06 17:37 vboctoradmin Status resolved => closed