View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005713 | OXID eShop (all versions) | 1.03. Basket, checkout process | public | 2014-03-26 15:12 | 2014-06-17 13:33 |
| Reporter | martinwegele | Assigned To | |||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 4.8.4 / 5.1.4 | ||||
| Target Version | 4.9.0_5.2.0_beta1 | Fixed in Version | 4.9.0_5.2.0_beta1 | ||
| Summary | 0005713: New TLDs are not accepted by oxinputvalidator | ||||
| Description | Currently the shop validates e-mail addresses by a regular expression with PHP and JavaScript: https://github.com/OXID-eSales/oxideshop_ce/blob/v4.8.4/source/core/oxutils.php#L344 https://github.com/OXID-eSales/oxideshop_ce/blob/v4.8.4/source/out/azure/src/js/widgets/oxinputvalidator.js#L355 However this will not accept some valid addresses as mentioned in the related bug entries 0003755, 0004870, 0004884, 0005097. Now things are getting worse with the new top level domains which were assigned by the ICANN recently: http://newgtlds.icann.org/en/program-status/delegated-strings Some have proposed to use PHP's own filter functions: http://de2.php.net/manual/en/intro.filter.php But according to PHP Security you should not: http://www.php-security.org/MOPB/PMOPB-45-2007.html There are people out there who say that validation of e-mail addresses cannot be done by an algorithm alone: http://davidcel.is/blog/2012/09/06/stop-validating-email-addresses-with-regex/ So maybe the whole subject of e-mail address validation should be evaluated (pun fully intended) together with this feature request: 0005285 And we should pay attention regarding the exact meaning of the terms validation, verification, double-opt-in,... | ||||
| Tags | No tags attached. | ||||
| Theme | Azure | ||||
| Browser | All | ||||
| PHP Version | any | ||||
| Database Version | any | ||||
| related to | 0003755 | resolved | saulius.stasiukaitis | Wrong valdiation for email-adresses with an ampersand or other special chars |
| related to | 0005285 | closed | florian.auer | Shop should check if user owns email when user creates shop account |
| related to | 0005097 | resolved | saulius.stasiukaitis | Accept "+" in E-Mail |
| related to | 0004884 | resolved | Linas Kukulskis | oxUtils::isValidEmail($email) not conform with RFC 2822 |
| related to | 0004870 | resolved | Linas Kukulskis | oxUtils->isValidEmail does not allow RFC allowed characters |
| related to | 0003073 | resolved | Linas Kukulskis | email validation |
| related to | 0006386 | closed | SvenBrunk | regex for "new" TLDs are broken again |
|
|
This is not limited to the "new" generic top level domains since .museum has been around for some time now. |
|
|
Fixed - will support up to 64 symbols top domains. MailValidator class add to validate mail. This class validates by config sEmailValidationRule. Validation rule might be changed by changing config value, setting different rule, extending class with module. |
