r81101 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r81100‎ \| r81101 \| r81102 >
Date:	20:52, 27 January 2011
Author:	hashar
Status:	resolved (Comments)
Tags:
Comment:	Bug 26948 - hyphens incorrectly interpreted as range This is the kind of easy to fix, hard to review bug. Email validation make uses of strings listing characters, those strings are then enclosed between brackets "[]". Inside brackets, the hyphen is used to describe a range of character [a-d] being a b c d. The string containing an unescaped hyphen, made JS/PHP validation to match the incorrect comma ",". * Backslash hyphen * JS,PHP: add tests for commas and hyphens in username or domain * JS: add var to rfc_1034_ldh_str * JS: minor code cleanup TESTS: php phpunit.php -c suite.xml --filter ValidEmail OK (13 tests, 32 assertions) Special:BlankPage?action=mwutiltest&debug=true Ran 66 tests. 66 passed test(s). 0 error(s). 0 partially passed test(s).
Modified paths:	/trunk/phase3/includes/User.php (modified) (history) /trunk/phase3/resources/mediawiki.util/mediawiki.util.js (modified) (history) /trunk/phase3/resources/mediawiki.util/mediawiki.util.test.js (modified) (history) /trunk/phase3/tests/phpunit/includes/UserIsValidEmailAddrTest.php (modified) (history)

Diff [purge]

Index: trunk/phase3/tests/phpunit/includes/UserIsValidEmailAddrTest.php
—	—	@@ -47,6 +47,15 @@
48	48	$this->invalid( "first last@mycompany" );
49	49	$this->invalid( "firstlast@my company" );
50	50	}
	51	+ // bug 26948 : comma were matched by an incorrect regexp range
	52	+ function testEmailWithCommasAreInvalids() {
	53	+ $this->invalid( "user,foo@example.org" );
	54	+ $this->invalid( "userfoo@ex,ample.org" );
	55	+ }
	56	+ function testEmailWithHyphens() {
	57	+ $this->valid( "user-foo@example.org" );
	58	+ $this->valid( "userfoo@ex-ample.org" );
	59	+ }
51	60	function testEmailDomainCanNotBeginWithDot() {
52	61	$this->invalid( "user@." );
53	62	$this->invalid( "user@.localdomain" );
Index: trunk/phase3/includes/User.php
—	—	@@ -673,9 +673,13 @@
674	674	if( !wfRunHooks( 'isValidEmailAddr', array( $addr, &$result ) ) ) {
675	675	return $result;
676	676	}
677		~~- $rfc5322_atext = "a-z0-9!#$%&'*+-\/=?^_`{\|}~" ;~~
678		~~- $rfc1034_ldh_str = "a-z0-9-" ;~~
679	677
	678	+ // Please note strings below are enclosed in brackets [], this make the
	679	+ // hyphen "-" a range indicator. Hence it is double backslashed below.
	680	+ // See bug 26948
	681	+ $rfc5322_atext = "a-z0-9!#$%&'*+\\-\/=?^_`{\|}~" ;
	682	+ $rfc1034_ldh_str = "a-z0-9\\-" ;
	683	+
680	684	$HTML5_email_regexp = "/
681	685	^ # start of string
682	686	[$rfc5322_atext\\.]+ # user part which is liberal :p
Index: trunk/phase3/resources/mediawiki.util/mediawiki.util.test.js
—	—	@@ -273,6 +273,17 @@
274	274	mw.test.addTest( 'mw.util.validateEmail( "user@localhost" )',
275	275	'true (boolean)' );
276	276
	277	+ // testEmailWithCommasAreInvalids
	278	+ mw.test.addTest( 'mw.util.validateEmail( "user,foo@example.org" )',
	279	+ 'false (boolean)' );
	280	+ mw.test.addTest( 'mw.util.validateEmail( "userfoo@ex,ample.org" )',
	281	+ 'false (boolean)' );
	282	+ // testEmailWithHyphens
	283	+ mw.test.addTest( 'mw.util.validateEmail( "user-foo@example.org" )',
	284	+ 'true (boolean)' );
	285	+ mw.test.addTest( 'mw.util.validateEmail( "userfoo@ex-ample.org" )',
	286	+ 'true (boolean)' );
	287	+
277	288	// jQuery plugins
278	289	mw.test.addHead( 'jQuery plugins' );
279	290
Index: trunk/phase3/resources/mediawiki.util/mediawiki.util.js
—	—	@@ -475,7 +475,7 @@
476	476	"\|" / "}" /
477	477	"~"
478	478	*/
479		~~- var rfc5322_atext = "a-z0-9!#$%&'*+-/=?^_`{\|}~",~~
	479	+ var rfc5322_atext = "a-z0-9!#$%&'*+\\-/=?^_`{\|}~",
480	480
481	481	/**
482	482	* Next define the RFC 1034 'ldh-str'
—	—	@@ -486,14 +486,14 @@
487	487	* <let-dig-hyp> ::= <let-dig> \| "-"
488	488	* <let-dig> ::= <letter> \| <digit>
489	489	*/
490		~~- rfc1034_ldh_str = "a-z0-9-",~~
	490	+ var rfc1034_ldh_str = "a-z0-9\\-",
491	491
492	492	HTML5_email_regexp = new RegExp(
493	493	// start of string
494	494	'^'
495	495	+
496	496	// User part which is liberal :p
497		~~- '[' + rfc5322_atext + '\\.' + ']' + '+'~~
	497	+ '[' + rfc5322_atext + '\\.]+'
498	498	+
499	499	// 'at'
500	500	'@'

Follow-up revisions

Revision	Commit summary	Author	Date
r81105	invalid 'var' in JS email validation...	hashar	21:14, 27 January 2011
r81402	1.17: MFT r79915, r79957, r79964, r79990, r80687, r80999, r81006, r81011, r81...	catrope	16:18, 2 February 2011

Comments

#Comment by Hashar (talk | contribs) 20:53, 27 January 2011

Marking for inclusion in 1.17.

#Comment by Nikerabbit (talk | contribs) 21:05, 27 January 2011

Isn't it enough to have the hyphen as the last char where it is not special?

#Comment by Hashar (talk | contribs) 21:17, 27 January 2011

I have backslashed it anyway, just in case someone later add a char after it.

#Comment by Nikerabbit (talk | contribs) 21:29, 27 January 2011

Fair enough.

Status & tagging log

16:19, 2 February 2011 Catrope (talk | contribs) changed the tags for r81101 [removed: 1.17]
23:44, 27 January 2011 Catrope (talk | contribs) changed the status of r81101 [removed: new added: resolved]
20:53, 27 January 2011 Hashar (talk | contribs) changed the tags for r81101 [added: 1.17]