iliaa Mon, 07 Sep 2009 02:35:25 +0000 Revision: http://svn.php.net/viewvc?view=revision&revision=288117
Log: Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). Bug: http://bugs.php.net/49470 (Verified) FILTER_SANITIZE_EMAIL does not work Changed paths: U php/php-src/branches/PHP_5_2/NEWS U php/php-src/branches/PHP_5_2/ext/filter/sanitizing_filters.c U php/php-src/branches/PHP_5_3/NEWS U php/php-src/branches/PHP_5_3/ext/filter/sanitizing_filters.c U php/php-src/trunk/ext/filter/sanitizing_filters.c Modified: php/php-src/branches/PHP_5_2/NEWS =================================================================== --- php/php-src/branches/PHP_5_2/NEWS 2009-09-06 22:01:18 UTC (rev 288116) +++ php/php-src/branches/PHP_5_2/NEWS 2009-09-07 02:35:25 UTC (rev 288117) @@ -1,11 +1,11 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| 0? Sep 2009, PHP 5.2.11 -- Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo) +- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). - Fixed bug #49447 (php engine needs to correctly check for socket API return status on windows). (Sriram Natarajan) +- Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo) - 03 Sep 2009, PHP 5.2.11RC2 - Added missing sanity checks around exif processing. (Ilia) Modified: php/php-src/branches/PHP_5_2/ext/filter/sanitizing_filters.c =================================================================== --- php/php-src/branches/PHP_5_2/ext/filter/sanitizing_filters.c 2009-09-06 22:01:18 UTC (rev 288116) +++ php/php-src/branches/PHP_5_2/ext/filter/sanitizing_filters.c 2009-09-07 02:35:25 UTC (rev 288117) 
@@ -275,7 +275,7 @@ void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL) { /* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */ - const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-/=?^_`{|}...@.[]"; + const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-=?^_`{|}...@.[]"; filter_map map; filter_map_init(&map); Modified: php/php-src/branches/PHP_5_3/NEWS =================================================================== --- php/php-src/branches/PHP_5_3/NEWS 2009-09-06 22:01:18 UTC (rev 288116) +++ php/php-src/branches/PHP_5_3/NEWS 2009-09-07 02:35:25 UTC (rev 288117) @@ -5,6 +5,8 @@ ?? ??? 2009, PHP 5.3.1RC? - Restored shebang line check to CGI sapi (not checked by scanner anymore). (Jani) +- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). + (Ilia) ?? ??? 2009, PHP 5.3.1 - Upgraded bundled sqlite to version 3.6.17. (Scott) Modified: php/php-src/branches/PHP_5_3/ext/filter/sanitizing_filters.c =================================================================== --- php/php-src/branches/PHP_5_3/ext/filter/sanitizing_filters.c 2009-09-06 22:01:18 UTC (rev 288116) +++ php/php-src/branches/PHP_5_3/ext/filter/sanitizing_filters.c 2009-09-07 02:35:25 UTC (rev 288117) @@ -275,7 +275,7 @@ void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL) { /* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */ - const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-/=?^_`{|}...@.[]"; + const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-=?^_`{|}...@.[]"; filter_map map; filter_map_init(&map); Modified: php/php-src/trunk/ext/filter/sanitizing_filters.c =================================================================== --- php/php-src/trunk/ext/filter/sanitizing_filters.c 2009-09-06 22:01:18 UTC (rev 288116) +++ php/php-src/trunk/ext/filter/sanitizing_filters.c 2009-09-07 02:35:25 UTC (rev 288117) 
@@ -275,7 +275,7 @@ void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL) { /* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */ - const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-/=?^_`{|}...@.[]"; + const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-=?^_`{|}...@.[]"; filter_map map; filter_map_init(&map);
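Review bot: In the PHP_5_2/NEWS hunk, the new #49470 entry carries no author credit, while the PHP_5_3/NEWS entry for the same fix ends with "(Ilia)" and the neighbouring 5.2 entries are credited "(Matteo)" and "(Sriram Natarajan)"; add "(Ilia)" so the two branches match. The same hunk also moves the #48060 entry below #49447, which is unrelated to this bug and would be easier to review as its own change.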
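Review bot: In php_filter_email(), in all three copies of the sanitizing_filters.c hunk, "/" is dropped from allowed_list but the comment above it still says only "Check section 6 of rfc 822", so a reader cannot tell why this one character is now stripped; add a short comment stating the rule that excludes "/" and referencing bug #49470. The changed paths list only NEWS and sanitizing_filters.c, so no regression test accompanies the fix; a .phpt case that passes an address containing "/" through FILTER_SANITIZE_EMAIL and checks the output would pin the behaviour on PHP_5_2, PHP_5_3 and trunk alike.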