Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).

author Ilia Alshanetsky <iliaa@php.net>

Mon, 7 Sep 2009 02:35:25 +0000 (02:35 +0000)

committer Ilia Alshanetsky <iliaa@php.net>

Mon, 7 Sep 2009 02:35:25 +0000 (02:35 +0000)
author Ilia Alshanetsky <iliaa@php.net>
Mon, 7 Sep 2009 02:35:25 +0000 (02:35 +0000)
committer Ilia Alshanetsky <iliaa@php.net>
Mon, 7 Sep 2009 02:35:25 +0000 (02:35 +0000)
diff --git a/NEWS b/NEWS

index c7fc3a74a47b932238677cda6b3f2df146816178..8af68ecf0936d29f718be5738647bc71ca632318 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP                                                                        NEWS
  ?? ??? 2009, PHP 5.3.1RC?
  - Restored shebang line check to CGI sapi (not checked by scanner anymore).
    (Jani)
+- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).
+  (Ilia)
  
  ?? ??? 2009, PHP 5.3.1
  - Upgraded bundled sqlite to version 3.6.17. (Scott)
diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c

index 24eafd13da2519b48c425eead5850ef209e4c26e..cdfe08c29b21d670468baa34f077f4d69020e98e 100644 (file)
--- a/ext/filter/sanitizing_filters.c
+++ b/ext/filter/sanitizing_filters.c
@@ -275,7 +275,7 @@ void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL)
  void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL)
  {
         /* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */
-       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-/=?^_`{|}~@.[]";
+       const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-=?^_`{|}~@.[]";
         filter_map     map;
  
         filter_map_init(&map);
author	Ilia Alshanetsky <iliaa@php.net>
	Mon, 7 Sep 2009 02:35:25 +0000 (02:35 +0000)
committer	Ilia Alshanetsky <iliaa@php.net>
	Mon, 7 Sep 2009 02:35:25 +0000 (02:35 +0000)
NEWS		patch \| blob \| history
ext/filter/sanitizing_filters.c		patch \| blob \| history