Opened 11 years ago
Last modified 3 years ago
#24487 new defect (bug)
is_email() does not recognize IDN domains
Reported by: | OlegCorner | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | minor | Version: | 3.5.1 |
Component: | Formatting | Keywords: | has-patch is-email |
Focuses: | Cc: |
Description (last modified by )
Insufficient validation of the domain name in function is_email of wp-includes/formatting.php.
WordPress 3.5.1 > , including trunk.
Test for invalid characters does not test Unicode symbols in international domain, such as Cyrillic domains and other Unicode domains.
Attachments (2)
Change History (10)
#1
@
11 years ago
- Description modified (diff)
- Summary changed from Insufficient validation of the domain name in wp-includes/formatting.php to is_email() does not recognize IDN domains
#2
@
11 years ago
- Milestone changed from Awaiting Review to Future Release
Hi OlegCorner. We had quite a bit of "fun" with \P{L}
, as it is possible to compile PCRE without Unicode support. See #22692. Not sure what to do here, though it does seem to be possible to check for this support with a separate check, then allow IDN domains through if so. Or, there might be another way to check for this.
#4
@
9 years ago
Can't find how to make a patch here, but i belive we need do add idn_to_ascii function php > 5.4.0
$domain = idn_to_ascii($domain);
on line #2422 in wp-includes/formatting.php
and later
$email = implode( '@', array($local, $domain));
#5
@
8 years ago
It's worth mentioning that WordPress now includes an IDN parser inside Requests: Requests_IDNAEncoder
. We could convert IDN domains to their ASCII representation, and if that fails, the domain is invalid. If it succeeds, it can then go through the regular email checks.
Related: #17491