[TASK] Additional check for valid domain in validEmail() 64/28264/5
authorBenjamin Mack <benni@typo3.org>
Tue, 11 Mar 2014 16:13:21 +0000 (17:13 +0100)
committerBenjamin Mack <benni@typo3.org>
Tue, 30 Dec 2014 15:18:14 +0000 (16:18 +0100)
If using a correct email address (= correct syntax),
but the domain name has no valid MX entry,
then a given email is validated as valid,
but the destination is still wrong. In some cases
the email should be completely validated.
By adding an additional PHP call to check if
the MX entry of the domain part is valid, the
validEmail() can be put in a stricter mode.

Releases: master
Resolves: #56771
Change-Id: I1396320835a9e2b51533d8b43115a7c4ef3ec338
Reviewed-on: http://review.typo3.org/28264
Reviewed-by: Frank Nägler <typo3@naegler.net>
Tested-by: Frank Nägler <typo3@naegler.net>
Reviewed-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Tests/Unit/Utility/GeneralUtilityTest.php

index 166547a..068796b 100755 (executable)
@@ -1087,10 +1087,15 @@ class GeneralUtility {
         * expect to get just two parts. So we pop off the domain and then glue the
         * rest together again.
         *
+        * An additional, optional safety check can be done to see if the domain part
+        * has a valid MX record. see #56771 for more details
+        *
         * @param string $email Input string to evaluate
         * @return bool Returns TRUE if the $email address (input string) is valid
+        * @param bool $checkDnsRecordForValidMxEntry if enabled, a lookup on the domain name (type=MX) is done in order to verify the host part of the email address
+        * @return bool Returns TRUE if the $email address (input string) is valid
         */
-       static public function validEmail($email) {
+       static public function validEmail($email, $checkDnsRecordForValidMxEntry = FALSE) {
                // Early return in case input is not a string
                if (!is_string($email)) {
                        return FALSE;
@@ -1105,7 +1110,14 @@ class GeneralUtility {
                if (!preg_match('/^[a-z0-9.\\-]*$/i', $domain)) {
                        $domain = self::idnaEncode($domain);
                }
-               return filter_var($user . '@' . $domain, FILTER_VALIDATE_EMAIL) !== FALSE;
+
+               $result = (filter_var($user . '@' . $domain, FILTER_VALIDATE_EMAIL) !== FALSE);
+
+               // check if the domain has a valid MX record via a DNS lookup
+               if ($checkDnsRecordForValidMxEntry === TRUE && $result === TRUE) {
+                       $result = checkdnsrr($domain);
+               }
+               return $result;
        }
 
        /**
index ab9e6cb..5aa0b26 100644 (file)
@@ -928,6 +928,22 @@ class GeneralUtilityTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
                );
        }
 
+       /**
+        * Data provider for valid validEmail's with DNS Check
+        *
+        * @return array Valid email addresses
+        */
+       public function validEmailValidWithDNSCheckDataProvider() {
+               // please take care when adding more addresses to this
+               // provider! Please not add real addresses to prevent
+               // SPAM bots find this addresses.
+               // this array must contain valid domains for the DNS check
+               return array(
+                       'd3dcljkl38c23dasdas@typo3.org' => array('d3dcljkl38c23dasdas@typo3.org'),
+                       'd3dcljkl38c23dasdas@frank-nägler.de' => array('d3dcljkl38c23dasdas@frank-nägler.de')
+               );
+       }
+
        /**
         * @test
         * @dataProvider validEmailValidDataProvider
@@ -936,6 +952,14 @@ class GeneralUtilityTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
                $this->assertTrue(Utility\GeneralUtility::validEmail($address));
        }
 
+       /**
+        * @test
+        * @dataProvider validEmailValidWithDNSCheckDataProvider
+        */
+       public function validEmailReturnsTrueForValidMailAddressWithCheckDnsRecordForValidMxEntry($address) {
+               $this->assertTrue(Utility\GeneralUtility::validEmail($address, TRUE));
+       }
+
        /**
         * Data provider for invalid validEmail's
         *
@@ -985,6 +1009,14 @@ class GeneralUtilityTest extends \TYPO3\CMS\Core\Tests\UnitTestCase {
                $this->assertFalse(Utility\GeneralUtility::validEmail($address));
        }
 
+       /**
+        * @test
+        * @dataProvider validEmailInvalidDataProvider
+        */
+       public function validEmailReturnsFalseForInvalidMailAddressWithCheckDnsRecordForValidMxEntry($address) {
+               $this->assertFalse(Utility\GeneralUtility::validEmail($address, TRUE));
+       }
+
        //////////////////////////////////
        // Tests concerning inArray
        //////////////////////////////////