- CakePHP's email validation allows non-ASCII letter characters, e.g. á, in the local part of the email address (by the \p{L} unicode category construct). This should not be allowed, see https://en.wikipedia.org/wiki/Email_address#Local_part.
- It also allows non-ASCII letter characters in the domain part. This allows Internationalized Domain Names (IDN). The problem here lies in the fact that this is not supported by the SmtpTransport. An SMTP client should convert them to so called punycode ASCII, according to https://lists.exim.org/lurker/message/20140812.120609.bf764769.en.html. MTA exim does not accept the SMTP sequence. By the way, conversion to punycode can be done by PHP's idn_to_ascii().
This issues have been tested in the current 2.7 branch, but a quick code inspection confirms that they are also present in the master branch. As a workaround I have switched back to validation by PHP's filter_var(), used in a wrapper validation method.
The first issue can be fixed easily, although the right RFCs have to be consulted. For the second issue, we have to decide if we support IDN for email and if we do, support it (maybe not only in the SmtpTransport).
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at https://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment