Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).

diff --git a/NEWS b/NEWS
index 2f06f752d2e6b6318f32584adeb8d7bf391add6d..0f4b9201a309ccd858a7173d0fe98f3f1df02c55 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,10 +1,10 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 0? Sep 2009, PHP 5.2.11
-- Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo)
+- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).
 - Fixed bug #49447 (php engine needs to correctly check for socket API return
   status on windows). (Sriram Natarajan)
-
+- Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo)
 
 03 Sep 2009, PHP 5.2.11RC2
 - Added missing sanity checks around exif processing. (Ilia)

diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c
index 24eafd13da2519b48c425eead5850ef209e4c26e..cdfe08c29b21d670468baa34f077f4d69020e98e 100644 (file)
--- a/ext/filter/sanitizing_filters.c
+++ b/ext/filter/sanitizing_filters.c
@@ -275,7 +275,7 @@ void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL)
 void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL)
 {
        /* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */
-       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-/=?^_`{|}~@.[]";
+       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-=?^_`{|}~@.[]";
        filter_map     map;
 
        filter_map_init(&map);