[nycphp-talk] Sneaking in unwanted characters

Jeff jsiegel1 at optonline.net
Wed Sep 10 16:44:15 EDT 2003


To answer the second question first, when an email comes through my
client's website it gets sent to a lot of people and the email address
goes into the body of the email. Outlook interprets me at mydomain.com as
an email address but if it says www.me at mydomain.com it treats it as a
URL. Hence the client request to eliminate addresses with "www." 

The email address they snuck through was www.RMujanovic at aol.com. 

I'll see if escaping the period (.) helps but...I still wonder how they
did it?

Jeff Siegel

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of David Sklar
Sent: Wednesday, September 10, 2003 2:52 PM
To: NYPHP Talk
Subject: RE: [nycphp-talk] Sneaking in unwanted characters


What is the e-mail address they snuck through? You probably want to escape
the . in the character class before the @ in the first regex -- otherwise
you're matching ^.+@

Separately, why does your client want to do this? www.me at mydomain.com is a
perfectly valid e-mail address.

David

On Wednesday, September 10, 2003 3:35 PM,  wrote:

> My client doesn't want anyone who visits his website to enter an email
> address like www.me at mydomain.com.
> So, I have two checks to validate the email entered by the user. Each
> check uses preg_match.
>
> Here's the pattern used for the first match:
> '/^[a-z0-9_.=+-]+@([a-z0-9-]+\.)+([a-z]{2,6})$/i',
>
> Then the email goes through a second check: ( preg_match('/^www\./',
> trim($_POST['email'])) )
>
> Somehow someone managed to sneak through an email address with a www
> at the beginning and I'm a bit puzzled as to how they managed to do
> it. Is it possible that they entered some sort of non-printable
> character, like a character with an ASCII value less than 33, which
> would foil the data check? Or is it something obvious that I'm
> overlooking?
>
> Jeff Siegel
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk

_______________________________________________
talk mailing list
talk at lists.nyphp.org
http://lists.nyphp.org/mailman/listinfo/talk
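
Added example (not part of the thread or anyone's posted code): a small PHP harness that runs the two patterns quoted above over constructed inputs, next to a stricter variant. How the two checks are combined, the function names and the example.com addresses are assumptions made for illustration.

```php
<?php
// Patterns copied from the quoted message. Combining them as
// "must match the first, must not match the second" is an assumption.
const ADDR_RE = '/^[a-z0-9_.=+-]+@([a-z0-9-]+\.)+([a-z]{2,6})$/i';
const WWW_RE  = '/^www\./';

// The checks as posted: format test on the raw value, www test on the trimmed value.
function accepted_as_posted(string $email): bool
{
    return preg_match(ADDR_RE, $email) === 1
        && preg_match(WWW_RE, trim($email)) !== 1;
}

// Stricter variant (hypothetical helper): reject control characters and spaces
// outright, anchor with \A and \z so the end anchor cannot sit before a trailing
// newline, and make the www test case-insensitive like the format test.
function accepted_strict(string $email): bool
{
    if (preg_match('/[\x00-\x20\x7f]/', $email) === 1) {
        return false;
    }
    return preg_match('/\A[a-z0-9_.=+-]+@([a-z0-9-]+\.)+[a-z]{2,6}\z/i', $email) === 1
        && preg_match('/\Awww\./i', $email) !== 1;
}

// Constructed sample inputs, not taken from the thread.
$samples = [
    'me@example.com',
    'www.me@example.com',
    'WWW.me@example.com',       // upper-case prefix
    "me@example.com\n",         // trailing newline
    "\x0cwww.me@example.com",   // leading form feed (ASCII 12), which trim() leaves in place
];

foreach ($samples as $s) {
    printf(
        "%-28s posted=%-6s strict=%s\n",
        json_encode($s),
        accepted_as_posted($s) ? 'accept' : 'reject',
        accepted_strict($s) ? 'accept' : 'reject'
    );
}
```

Under these assumptions the posted checks accept the upper-case `WWW.` prefix and the value with a trailing newline, while a leading control character already fails the format pattern. This does not settle how the address quoted in the thread got through.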