-rw-r--r--NEWS2
-rw-r--r--ext/filter/sanitizing_filters.c2
2 files changed, 3 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index c7fc3a74a4..8af68ecf09 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,8 @@ PHP NEWS
?? ??? 2009, PHP 5.3.1RC?
- Restored shebang line check to CGI sapi (not checked by scanner anymore).
(Jani)
+- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).
+ (Ilia)
?? ??? 2009, PHP 5.3.1
- Upgraded bundled sqlite to version 3.6.17. (Scott)
diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c
index 24eafd13da..cdfe08c29b 100644
--- a/ext/filter/sanitizing_filters.c
+++ b/ext/filter/sanitizing_filters.c
@@ -275,7 +275,7 @@ void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL)
void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL)
{
/* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */
- const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-/=?^_`{|}~@.[]";
+ const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-=?^_`{|}~@.[]";
filter_map map;
filter_map_init(&map);
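Review bot: The comment above `allowed_list` still cites RFC 822 section 6 as the source of the set, but with `/` dropped the list is narrower than what that section permits in an atom, as far as I read it, and nothing on the line records why. I would extend it to something like `/* Based on RFC 822 section 6; '/' is deliberately excluded, see bug #49470 */` so the character is not added back by a later cleanup. Assuming the map is used to strip characters rather than reject the input (the rest of php_filter_email is outside this hunk), an address containing `/` now comes out as a different address, so callers that need a usable mailbox should validate the result rather than trust the sanitized string. The set also still passes `'`, the backtick, `$`, `&` and `|`, so the output needs escaping for whatever SQL, shell or HTML sink it reaches. The diffstat lists only NEWS and this file, so a regression test for #49470 covering `/` would be worth adding.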