Bug 1615280: More robust email validation

Because all of our emails need to pass PHPMailer's validation method before they get sent (due to the way PHPMailer is written) it makes the most sense to use that for validation. Change-Id: I232ab9496ce8fc295a49625c999b48215305216c behatnotneeded: Covered by phpunit

Bug 1615280: More robust email validation
Because all of our emails need to pass PHPMailer's validation method before they get sent (due to the way PHPMailer is written) it makes the most sense to use that for validation. Change-Id: I232ab9496ce8fc295a49625c999b48215305216c behatnotneeded: Covered by phpunit
1192c05d · Aaron Wells · dd298338 · 1192c05d · 1192c05d · 1192c05d
Commit 1192c05d authored Aug 22, 2016 by Aaron Wells
5 changed files
--- a/htdocs/admin/users/uploadcsv.php
+++ b/htdocs/admin/users/uploadcsv.php
@@ -15,7 +15,6 @@ define('MENUITEM', 'configusers/uploadcsv');
 require(dirname(dirname(dirname(__FILE__))) . '/init.php');
 define('TITLE', get_string('uploadcsv', 'admin'));
 require_once('institution.php');
-require_once('phpmailer/class.phpmailer.php');
 safe_require('artefact', 'internal');

 // Turn on autodetecting of line endings, so mac newlines (\r) will work
@@ -290,7 +289,7 @@ function uploadcsv_validate(Pieform $form, $values) {
            // Duplicate email within this file.
            $csverrors->add($i, get_string('uploadcsverroremailaddresstaken', 'admin', $i, $email));
        }
-        else if (!PHPMailer::ValidateAddress($email)) {
+        else if (!sanitize_email($email)) {
            $csverrors->add($i, get_string('uploadcsverrorinvalidemail', 'admin', $i, $email));
        }
        else if (!$values['updateusers']) {

--- a/htdocs/artefact/internal/index.php
+++ b/htdocs/artefact/internal/index.php
@@ -238,9 +238,8 @@ function profileform_validate(Pieform $form, $values) {
    }

    if (isset($values['email']['unsent']) && is_array($values['email']['validated'])) {
-        require_once('phpmailer/class.phpmailer.php');
        foreach ($values['email']['unsent'] as $email) {
-            if (!PHPMailer::ValidateAddress($email)) {
+            if (!sanitize_email($email)) {
                $form->set_error('email', get_string('invalidemailaddress', 'artefact.internal') . ': ' . hsc($email));
                break;
            }

--- a/htdocs/lib/mahara.php
+++ b/htdocs/lib/mahara.php
@@ -4281,7 +4281,8 @@ function is_https() {
 }

 function sanitize_email($value) {
-    if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
+    require_once('phpmailer/class.phpmailer.php');
+    if (!PHPMailer::validateAddress($value)) {
        return '';
    }
    return $value;

--- a/htdocs/lib/pieforms/pieform/rules/email.php
+++ b/htdocs/lib/pieforms/pieform/rules/email.php
@@ -37,7 +37,7 @@
 *                         the address.
 */
 function pieform_rule_email(Pieform $form, $value, $element) {/*{{{*/
-    if (!preg_match('/^[A-Za-z0-9+\._%-]+@(?:[A-Za-z0-9-]+\.)+[a-z]{2,4}$/', $value)) {
+    if (!sanitize_email($value)) {
        return $form->i18n('rule', 'email', 'email', $element);
    }
-}/*}}}*/
+}
--- a/htdocs/lib/tests/phpunit/LibmaharaTest.php
+++ b/htdocs/lib/tests/phpunit/LibmaharaTest.php