View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007275 | OXID eShop (all versions) | 1.05. Users | public | 2021-09-13 14:22 | 2021-11-02 16:27 |
| Reporter | jaroslav.herber | Assigned To | |||
| Priority | high | Severity | major | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Product Version | 6.3.1 | ||||
| Fixed in Version | 6.4.0 | ||||
| Summary | 0007275: Some email-addresses aren't compatible with OXID | ||||
| Description | If you register a shop-account with an email-address containing a dot and a following hyphen (".-"), the shop won't send any mails to this email-address. For example: [email protected] The problem is the use of the PHP-function idn_to_ascii() + PHP 7.4 idn_to_ascii returns false in this case -> so the shop will send the mail to an empty recipient-email-address. This bug could be PHP-related since the default behaviour of idn_to_ascii was changed in PHP 7.4. | ||||
| Steps To Reproduce | Register with a valid mail-address containing ".-" (dot and following hyphen) -> Like "[email protected]" Then place an order or use password forgot funciton. You won't receive any mail from the shop. | ||||
| Additional Information | /vendor/oxid-esales/oxideshop-ce/source/Core/Email.php: private function idnToAscii($idn) { if (function_exists('idn_to_ascii')) { return idn_to_ascii($idn); // <-- this it the problem } return $idn; } | ||||
| Tags | |||||
| Theme | All | ||||
| Browser | All | ||||
| PHP Version | 7.4 | ||||
| Database Version | All | ||||
|
|
According to definition of idn_to_ascii(), this function should be used with domains - not with email-addresses. https://www.php.net/manual/de/function.idn-to-ascii.php |
|
|
Hey @jaroslav.herber, you set this entry as a security issue. For me it sounds like a "normal" bug in the framework and therefore I have a hard time understanding it as a security problem. So I'd like to ask you to elaborate on that, please. Kind regards Michael |
|
|
Hi @michael_keiluweit, you're right. This should be an other category. But I don't see an edit button... Can you change it? Best regards, Jaro |
|
|
Hey @jaroslav.herber, done :) Greetings Michael |
