diff -Nur osticket_1.6.rc2/upload/include/class.validator.php osticket_1.6.rc2-patch5/upload/include/class.validator.php
--- osticket_1.6.rc2/upload/include/class.validator.php 2008-01-01 04:40:46.000000000 +0100
+++ osticket_1.6.rc2-patch5/upload/include/class.validator.php 2008-01-24 13:03:00.000000000 +0100
@@ -125,9 +125,37 @@ } /* Functione below can be called directly without class instance. Validator::func(var..); */
+ /* RFC 2822 syntaxic check */
+ /* derived from http://www.ilovejackdaniels.com/php/email-address-validation/ */
 function is_email($email) {
- return eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$",trim($email));
+ // First, we check that there's one @ symbol, and that the lengths are right
+ if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) {
+ // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
+ return false;
+ }
+ // Split it into sections to make life easier
+ $email_array = explode("@", $email);
+ $local_array = explode(".", $email_array[0]);
+ for ($i = 0; $i < sizeof($local_array); $i++) {
+ if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) {
+ return false;
+ }
+ }
+ if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
+ $domain_array = explode(".", $email_array[1]);
+ if (sizeof($domain_array) < 2) {
+ return false; // Not enough parts to domain
+ }
+ for ($i = 0; $i < sizeof($domain_array); $i++) {
+ if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) {
+ return false;
+ }
+ }
+ }
+
+ return true;
 }
+
 function is_phone($phone) {
 $stripped=eregi_replace("(\(|\)|\-|\+)","",ereg_replace("([ ]+)","",$phone));
 return (!is_numeric($stripped) || ((strlen($stripped)<7) || (strlen($stripped)>13)))?false:true;
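Review bot: The quoted-string alternative in the local-part check, `(\"[^(\\|\")]{0,62}\")`, is a negated bracket expression, so it accepts any byte other than `(`, `)`, `|`, `\` and `"`, including spaces, CR and LF; the unquoted alternative also admits the single quote, backtick, `$`, `&` and `|`, none of which the removed eregi pattern allowed. Any caller that treated a true result from is_email() as meaning the address can go into a mail header, SQL string or HTML without escaping no longer has that guarantee; those call sites are outside this hunk and should be checked. ereg() is also not binary-safe, so text after an embedded NUL is never examined by any of these checks. I would reject control characters before the first ereg() call, e.g. `if (preg_match('/[\x00-\x1F\x7F]/', $email)) return false;`, and restore the `trim($email)` that the old line applied, since its removal looks unintended.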