Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).

author: Ilia Alshanetsky <iliaa@php.net> 2009-09-07 02:35:25 +0000
committer: Ilia Alshanetsky <iliaa@php.net> 2009-09-07 02:35:25 +0000
commit: 6d0b9484d94c0e6ca61feb35a271e1c49ccab3c3 (patch)
tree: bb1825b059d40447afd17317d0bcb57185326ca6
parent: 3e359ee5b486694bcae39b9283b6245e707527c3 (diff)
download: php-git-6d0b9484d94c0e6ca61feb35a271e1c49ccab3c3.tar.gz
2 files changed, 3 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index c7fc3a74a4..8af68ecf09 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP                                                                        NEWS
 ?? ??? 2009, PHP 5.3.1RC?
 - Restored shebang line check to CGI sapi (not checked by scanner anymore).
   (Jani)
+- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).
+  (Ilia)
 
 ?? ??? 2009, PHP 5.3.1
 - Upgraded bundled sqlite to version 3.6.17. (Scott)
diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c
index 24eafd13da..cdfe08c29b 100644
--- a/ext/filter/sanitizing_filters.c
+++ b/ext/filter/sanitizing_filters.c
@@ -275,7 +275,7 @@ void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL)
 void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL)
 {
 	/* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */
-	const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-/=?^_`{|}~@.[]";
+	const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-=?^_`{|}~@.[]";
 	filter_map     map;
 
 	filter_map_init(&map);
author	Ilia Alshanetsky <iliaa@php.net>	2009-09-07 02:35:25 +0000
committer	Ilia Alshanetsky <iliaa@php.net>	2009-09-07 02:35:25 +0000
commit	6d0b9484d94c0e6ca61feb35a271e1c49ccab3c3 (patch)
tree	bb1825b059d40447afd17317d0bcb57185326ca6
parent	3e359ee5b486694bcae39b9283b6245e707527c3 (diff)
download	php-git-6d0b9484d94c0e6ca61feb35a271e1c49ccab3c3.tar.gz