[TYPO3-dev] RFC: #11301: Feature: add eval email
Marcus Krause
marcus#exp2009 at t3sec.info
Fri Jun 5 08:26:48 CEST 2009
Peter Russ schrieb am 06/04/2009 03:41 PM Uhr:
> --- Original Nachricht ---
> Absender: bernd wilke
> Datum: 02.06.2009 15:48:
>> Am Wed, 27 May 2009 17:12:08 +0200 schrieb Mathias Schreiber [wmdb >]
>> in typo3.teams.core:
>>
>>> Steffen Kamper schrieb:
>>>> Hi,
>>>>
>>>> Johannes Feustel schrieb:
>>>>> evalFunc_email doesn't test if a tld exists. Why not using RegExp like
>>>>> /^([\w]+)(\.[\w]+)*@([\w\-]+\.){1,5}([A-Za-z]){2,4}$/; (copied from
>>>>> ExtJS) or using ExtJS validation directly?
>>>>>
>>>>>
>>>> i didn't want to run in same problems we had before in php with reg
>>>> exp., so JS-test is very simple:
>>>> does @ exist, does . exist, don't start with @, don't end with . The
>>>> deeper validation is done php-side.
>>> I like the idea, the docs should clearly state that the validation is
>>> rather basic and that email like huselpusel at 192.168.13.13 aren't covered
>>> by this.
>>
>> if the validation should be complete you need a much complexer regexp,
>> as email-addresses could be much more complex [1].
>> on first look: meanwhile there is a TLD 'museum': your last counting
>> {2,4} must be expanded, but than you got other problems: [2]
>> second thought: what about umlaut-domains? "fritz at müller.de" (I don't
>> think they are handled by [1])
>>
>> I think a full regexp will be slow, either javascript or PHP, and a
>> real validation will have to test wether the server exists and accepts
>> mail for this address. And then you won't know wether there will be a
>> reader to this mail or if it is dropped as unwanted. Two weeks ago I
>> got a huge load of undelivery-mails as a result of a spam-
>> wave with sender-addresses with random addresses from my domain
>> (probably combining real address parts in front of '@' with my
>> domain). There were a lot of 'valid' email-addresses but no mailbox to
>> receive them
>> [1] http://www.ex-parrot.com/~pdw/Mail-RFC822-Address.html
>> [2] http://www.regular-expressions.info/email.html
>>
>
> Why not use internal PHP email filter?
Please read again and understand that this is about a JS filter!
Marcus.
--
TYPO3 Security blog: http://secure.t3sec.info/
More information about the TYPO3-dev
mailing list