Commit dfa80ff7 authored by Nicole Cordes's avatar Nicole Cordes Committed by Georg Ringer
Browse files

[BUGFIX] Catch error in GeneralUtility::validEmail and GeneralUtility:isValidUrl

If a wrong email address or URL is parsed and the domain cannot be converted,
an exception is thrown by \Mso\IdnaConvert\IdnaConvert::encode(). This
exception needs to be caught.

Resolves: #81471
Releases: master, 8.7, 7.6
Change-Id: I76f9b8898655d9220e5176a60f388067a6c493b3
Reviewed-on: https://review.typo3.org/53121


Tested-by: default avatarTYPO3com <no-reply@typo3.com>
Reviewed-by: Tymoteusz Motylewski's avatarTymoteusz Motylewski <t.motylewski@gmail.com>
Tested-by: Tymoteusz Motylewski's avatarTymoteusz Motylewski <t.motylewski@gmail.com>
Reviewed-by: Georg Ringer's avatarGeorg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer's avatarGeorg Ringer <georg.ringer@gmail.com>
parent 77e728e7
......@@ -914,7 +914,11 @@ class GeneralUtility
$domain = substr($email, $atPosition + 1);
$user = substr($email, 0, $atPosition);
if (!preg_match('/^[a-z0-9.\\-]*$/i', $domain)) {
$domain = self::idnaEncode($domain);
try {
$domain = self::idnaEncode($domain);
} catch (\InvalidArgumentException $exception) {
return false;
}
}
return filter_var($user . '@' . $domain, FILTER_VALIDATE_EMAIL) !== false;
}
......@@ -1018,7 +1022,11 @@ class GeneralUtility
return false;
}
if (isset($parsedUrl['host']) && !preg_match('/^[a-z0-9.\\-]*$/i', $parsedUrl['host'])) {
$parsedUrl['host'] = self::idnaEncode($parsedUrl['host']);
try {
$parsedUrl['host'] = self::idnaEncode($parsedUrl['host']);
} catch (\InvalidArgumentException $exception) {
return false;
}
}
return filter_var(HttpUtility::buildUrl($parsedUrl), FILTER_VALIDATE_URL) !== false;
}
......
......@@ -981,7 +981,8 @@ class GeneralUtilityTest extends \TYPO3\TestingFramework\Core\Unit\UnitTestCase
'trailing carriage return' => ['test@example.com' . CR],
'trailing linefeed' => ['test@example.com' . LF],
'trailing carriage return linefeed' => ['test@example.com' . CRLF],
'trailing tab' => ['test@example.com' . TAB]
'trailing tab' => ['test@example.com' . TAB],
'prohibited input characters' => ['“mailto:test@example.com”'],
];
}
......@@ -1902,6 +1903,7 @@ class GeneralUtilityTest extends \TYPO3\TestingFramework\Core\Unit\UnitTestCase
'string array()' => ['array()'],
'random string' => ['qwe'],
'http directory umlauts' => ['http://www.oebb.at/äöü/'],
'prohibited input characters' => ['https://{$unresolved_constant}'],
];
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment