From 6d0b9484d94c0e6ca61feb35a271e1c49ccab3c3 Mon Sep 17 00:00:00 2001
From: Ilia Alshanetsky <iliaa@php.net>
Date: Mon, 7 Sep 2009 02:35:25 +0000
Subject: [PATCH] Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed
 characters).

---
 NEWS                            | 2 ++
 ext/filter/sanitizing_filters.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index c7fc3a74a4..8af68ecf09 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP                                                                        NEWS
 ?? ??? 2009, PHP 5.3.1RC?
 - Restored shebang line check to CGI sapi (not checked by scanner anymore).
   (Jani)
+- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).
+  (Ilia)
 
 ?? ??? 2009, PHP 5.3.1
 - Upgraded bundled sqlite to version 3.6.17. (Scott)
diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c
index 24eafd13da..cdfe08c29b 100644
--- a/ext/filter/sanitizing_filters.c
+++ b/ext/filter/sanitizing_filters.c
@@ -275,7 +275,7 @@ void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL)
 void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL)
 {
 	/* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */
-	const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-/=?^_`{|}~@.[]";
+	const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-=?^_`{|}~@.[]";
 	filter_map     map;
 
 	filter_map_init(&map);
-- 
2.50.0