[BUGFIX] Catch error in GeneralUtility::validEmail and GeneralUtility:isValidUrl 26/53626/2
authorNicole Cordes <typo3@cordes.co>
Mon, 5 Jun 2017 12:32:31 +0000 (14:32 +0200)
committerGeorg Ringer <georg.ringer@gmail.com>
Sun, 30 Jul 2017 17:33:13 +0000 (19:33 +0200)
If a wrong email address or URL is parsed and the domain cannot be converted,
an exception is thrown by \Mso\IdnaConvert\IdnaConvert::encode(). This
exception needs to be caught.

Resolves: #81471
Releases: master, 8.7, 7.6
Change-Id: I76f9b8898655d9220e5176a60f388067a6c493b3
Reviewed-on: https://review.typo3.org/53626
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
typo3/sysext/core/Classes/Utility/GeneralUtility.php
typo3/sysext/core/Tests/Unit/Utility/GeneralUtilityTest.php

index 6f8c159..22463db 100644 (file)
@@ -1105,7 +1105,11 @@ class GeneralUtility
         $domain = substr($email, $atPosition + 1);
         $user = substr($email, 0, $atPosition);
         if (!preg_match('/^[a-z0-9.\\-]*$/i', $domain)) {
-            $domain = self::idnaEncode($domain);
+            try {
+                $domain = self::idnaEncode($domain);
+            } catch (\InvalidArgumentException $exception) {
+                return false;
+            }
         }
         return filter_var($user . '@' . $domain, FILTER_VALIDATE_EMAIL) !== false;
     }
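Review bot: The new `catch (\InvalidArgumentException $exception)` in validEmail() covers a single exception class, and the identical block is repeated in the isValidUrl() hunk below. The commit message does not name the type that IdnaConvert::encode() raises, so it is worth confirming against the library that no other exception class can escape for a malformed domain. Both methods are validators that presumably receive untrusted input, where an uncaught exception turns a bad address into an error response instead of a plain `false`. A one-line comment in each catch would record the intent, e.g. `// Domain cannot be IDNA-encoded: treat the input as invalid (fail closed)`. validEmail() begins above this hunk, so its earlier checks are not visible here.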
@@ -1423,7 +1427,11 @@ class GeneralUtility
             return false;
         }
         if (isset($parsedUrl['host']) && !preg_match('/^[a-z0-9.\\-]*$/i', $parsedUrl['host'])) {
-            $parsedUrl['host'] = self::idnaEncode($parsedUrl['host']);
+            try {
+                $parsedUrl['host'] = self::idnaEncode($parsedUrl['host']);
+            } catch (\InvalidArgumentException $exception) {
+                return false;
+            }
         }
         return filter_var(HttpUtility::buildUrl($parsedUrl), FILTER_VALIDATE_URL) !== false;
     }
index e6c9818..761a432 100644 (file)
@@ -1081,7 +1081,8 @@ class GeneralUtilityTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
             'trailing carriage return' => ['test@example.com' . CR],
             'trailing linefeed' => ['test@example.com' . LF],
             'trailing carriage return linefeed' => ['test@example.com' . CRLF],
-            'trailing tab' => ['test@example.com' . TAB]
+            'trailing tab' => ['test@example.com' . TAB],
+            'prohibited input characters' => ['“mailto:test@example.com”'],
         ];
     }
 
@@ -2066,6 +2067,7 @@ class GeneralUtilityTest extends \TYPO3\CMS\Core\Tests\UnitTestCase
             'string array()' => ['array()'],
             'random string' => ['qwe'],
             'http directory umlauts' => ['http://www.oebb.at/äöü/'],
+            'prohibited input characters' => ['https://{$unresolved_constant}'],
         ];
     }
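Review bot: The data set key `'prohibited input characters'` does not say what the case guards, and the same key is used for the e-mail data set in the previous hunk. Both inputs appear to be chosen because the host part cannot be IDNA-encoded, so they pin the new catch branch rather than ordinary filter_var() rejection. A comment above each entry, e.g. `// host cannot be IDNA-encoded; must yield false instead of an exception (#81471)`, or a more specific key, would keep a later cleanup from dropping them as redundant. The provider method starts outside the hunk, so its name and the test that consumes it are not visible here.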