View Issue Details

IDProjectCategoryView StatusLast Update
0005713OXID eShop (all versions)1.03. Basket, checkout processpublic2014-06-17 13:33
Reportermartinwegele 
PrioritynormalSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.8.4 / 5.1.4 
Target Version4.9.0_5.2.0_beta1Fixed in Version4.9.0_5.2.0_beta1 
Summary0005713: New TLDs are not accepted by oxinputvalidator
DescriptionCurrently the shop validates e-mail addresses by a regular expression with PHP and JavaScript:
https://github.com/OXID-eSales/oxideshop_ce/blob/v4.8.4/source/core/oxutils.php#L344
https://github.com/OXID-eSales/oxideshop_ce/blob/v4.8.4/source/out/azure/src/js/widgets/oxinputvalidator.js#L355
However this will not accept some valid addresses as mentioned in the related bug entries 0003755, 0004870, 0004884, 0005097.
Now things are getting worse with the new top level domains which were assigned by the ICANN recently: http://newgtlds.icann.org/en/program-status/delegated-strings
Some have proposed to use PHP's own filter functions: http://de2.php.net/manual/en/intro.filter.php
But according to PHP Security you should not: http://www.php-security.org/MOPB/PMOPB-45-2007.html
There are people out there who say that validation of e-mail addresses cannot be done by an algorithm alone: http://davidcel.is/blog/2012/09/06/stop-validating-email-addresses-with-regex/
So maybe the whole subject of e-mail address validation should be evaluated (pun fully intended) together with this feature request: 0005285
And we should pay attention regarding the exact meaning of the terms validation, verification, double-opt-in,...
TagsNo tags attached.
ThemeAzure
BrowserAll
PHP Versionany
MySQL Versionany

Relationships

related to 0003755 resolvedsaulius.stasiukaitis Wrong valdiation for email-adresses with an ampersand or other special chars 
related to 0005285 closedflorian.auer Shop should check if user owns email when user creates shop account 
related to 0005097 resolvedsaulius.stasiukaitis Accept "+" in E-Mail 
related to 0004884 resolvedLinas Kukulskis oxUtils::isValidEmail($email) not conform with RFC 2822 
related to 0004870 resolvedLinas Kukulskis oxUtils->isValidEmail does not allow RFC allowed characters 
related to 0003073 resolvedLinas Kukulskis email validation 
related to 0006386 acknowledgedflorian.auer regex for "new" TLDs are broken again 

Activities

martinwegele

2014-03-27 10:11

reporter   ~0009684

This is not limited to the "new" generic top level domains since .museum has been around for some time now.

saulius.stasiukaitis

2014-06-17 13:32

reporter   ~0009967

Fixed - will support up to 64 symbols top domains.

MailValidator class add to validate mail. This class validates by config sEmailValidationRule. Validation rule might be changed by changing config value, setting different rule, extending class with module.