View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017280 | mantisbt | | public | 2014-05-02 19:22 | 2015-09-06 17:37 |
Reporter | grangeway | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Target Version | 1.3.0-beta.3 | Fixed in Version | 1.3.0-beta.3 | ||
Summary | 0017280: Email address validation function strips characters | ||||
Description | Currently, the email address validation function within Mantis validates a sanitized string: `$t_email = filter_var( $p_email, FILTER_SANITIZE_EMAIL );` We should validate against the non-sanitized string to ensure that the email address sent for validation matches the email address entered by the user. | ||||
Tags | No tags attached. | ||||
MantisBT: master 7cd2fa56 2015-04-16 14:34

Don't sanitize user email prior to validation

Before this, email_is_valid() validated a sanitized string (using filter_var() with FILTER_SANITIZE_EMAIL). We now validate the email exactly as it was entered by the user to ensure we don't accept an address that was actually made valid by the sanitization itself.

Fixes 0017280

Affected Issues: 0017280

mod - core/email_api.php
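
The behaviour described in the issue and the commit message, as an added example that is not MantisBT's own code: the two function names are hypothetical, `FILTER_VALIDATE_EMAIL` is an assumed stand-in for whatever checks `email_is_valid()` performs, and the sample addresses are constructed.

```php
<?php
// Added illustration; not the code from core/email_api.php.
// Function names are hypothetical and FILTER_VALIDATE_EMAIL is an
// assumed stand-in for the real validation logic.

// "Before" pattern from the issue: sanitize, then validate the sanitized copy.
// The caller still holds the original $p_email, which was never checked.
function is_valid_sanitize_first( string $p_email ): bool {
	$t_email = filter_var( $p_email, FILTER_SANITIZE_EMAIL );
	return filter_var( $t_email, FILTER_VALIDATE_EMAIL ) !== false;
}

// "After" pattern from the commit: validate exactly what the user entered.
function is_valid_as_entered( string $p_email ): bool {
	return filter_var( $p_email, FILTER_VALIDATE_EMAIL ) !== false;
}

// Constructed sample inputs: one clean address, then four that only
// become well-formed once FILTER_SANITIZE_EMAIL strips characters.
$t_samples = array(
	'user@example.com',
	'us er@example.com',
	'<user@example.com>',
	'user@exam(ple).com',
	'user@example.com,',
);

foreach( $t_samples as $t_input ) {
	$t_sanitized = filter_var( $t_input, FILTER_SANITIZE_EMAIL );
	printf(
		"%-22s sanitized=%-18s sanitize-first=%-6s as-entered=%s\n",
		$t_input,
		$t_sanitized,
		var_export( is_valid_sanitize_first( $t_input ), true ),
		var_export( is_valid_as_entered( $t_input ), true )
	);
}
```

Every constructed input after the first sanitizes to `user@example.com`, so the sanitize-first check accepts it while the as-entered check rejects it. Any code that then stores or mails to the original string is using a value that was never validated.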