? logs ? sites/all/modules ? sites/default/files ? sites/default/settings.php Index: includes/common.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/common.inc,v retrieving revision 1.756.2.101 diff -u -p -r1.756.2.101 common.inc --- includes/common.inc 3 Nov 2010 18:54:41 -0000 1.756.2.101 +++ includes/common.inc 12 Nov 2010 01:40:26 -0000 @@ -953,9 +953,8 @@ function t($string, $args = array(), $la */ /** - * Verifies the syntax of the given e-mail address. - * - * See RFC 2822 for details. + * Verifies the syntax of the given e-mail address. See RFC 1123, 3696, 4291, + * 5321, 5322, 5952, including their respective errata. * * @param $mail * A string containing an e-mail address. 
@@ -964,12 +963,270 @@ function t($string, $args = array(), $la * there is an input error (such as passing in an array instead of a string). */ function valid_email_address($mail) { - $user = '[a-zA-Z0-9_\-\.\+\^!#\$%&*+\/\=\?\`\|\{\}~\']+'; - $domain = '(?:(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.?)+'; - $ipv4 = '[0-9]{1,3}(\.[0-9]{1,3}){3}'; - $ipv6 = '[0-9a-fA-F]{1,4}(\:[0-9a-fA-F]{1,4}){7}'; + $mail_length = strlen($mail); + if ($mail_length > 256) { + return FALSE; + } + $at_index = strrpos($mail, '@'); + + if ($at_index === FALSE) { + return FALSE; + } + if ($at_index === 0) { + return FALSE; + } + if ($at_index === $mail_length) { + return FALSE; + } + $brace_depth = 0; + $in_quote = FALSE; + $escape_this_char = FALSE; + + for ($i = 0; $i < $mail_length; ++$i) { + $char = $mail[$i]; + $replace_char = FALSE; + + if ($char === '\\') { + $escape_this_char = !$escape_this_char; + } + else { + switch ($char) { + case '(': + if ($escape_this_char) { + $replace_char = TRUE; + } + else { + if ($in_quote) { + $replace_char = TRUE; + } + else { + if ($brace_depth++ > 0) { + $replace_char = TRUE; + } + } + } + break; - return preg_match("/^$user@($domain|(\[($ipv4|$ipv6)\]))$/", $mail); + case ')': + if ($escape_this_char) { + $replace_char = TRUE; + } + else { + if ($in_quote) { + $replace_char = TRUE; + } + else { + if (--$brace_depth > 0) { + $replace_char = TRUE; + } + if ($brace_depth < 0) { + $brace_depth = 0; + } + } + } + break; + + case '"': + if ($escape_this_char) { + $replace_char = TRUE; + } + else { + if ($brace_depth === 0) { + $in_quote = !$in_quote; + } + else { + $replace_char = TRUE; + } + } + break; + + case '.': + if ($escape_this_char) { + $replace_char = TRUE; + } + else { + if ($brace_depth > 0) { + $replace_char = TRUE; + } + } + break; + + default: + } + + $escape_this_char = FALSE; + if ($replace_char) { + $mail[$i] = 'x'; + } + } + } + + $local_part = substr($mail, 0, $at_index); + $domain = substr($mail, $at_index + 1); + $FWS 
= "(?:(?:(?:[ \\t]*(?:\\r\\n))?[ \\t]+)|(?:[ \\t]+(?:(?:\\r\\n)[ \\t]+)*))"; + $dot_array = preg_split('/\\.(?=(?:[^\\"]*\\"[^\\"]*\\")*(?![^\\"]*\\"))/m', $local_part); + $part_length = 0; + + foreach ($dot_array as $element) { + $element = preg_replace("/^$FWS|$FWS\$/", '', $element); + $element_length = strlen($element); + + if ($element_length > 0 and $element[0] === '(') { + $index_brace = strpos($element, ')'); + if ($index_brace !== FALSE) { + if (preg_match('/(? 0) { + return FALSE; + } + $element = substr($element, $index_brace + 1, $element_length - $index_brace - 1); + $element_length = strlen($element); + } + } + + if ($element_length > 1 and $element[$element_length - 1] === ')') { + $index_brace = strrpos($element, '('); + if ($index_brace !== FALSE) { + if (preg_match('/(? 0) { + return FALSE; + } + $element = substr($element, 0, $index_brace); + $element_length = strlen($element); + } + } + $element = preg_replace("/^$FWS|$FWS\$/", '', $element); + if ($part_length > 0) { + $part_length++; + } + $part_length += strlen($element); + if (preg_match('/^"(?:.)*"$/s', $element) > 0) { + $element = preg_replace("/(? 0) { + return FALSE; + } + } + else { + if ($element === '') { + return FALSE; + } + if (preg_match('/[\\x00-\\x20\\(\\)<>\\[\\]:;@\\\\,\\."]/', $element) > 0) { + return FALSE; + } + } + } + + if ($part_length > 64) { + return FALSE; + } + if (preg_match('/^\\[(.)+]$/', $domain) === 1) { + $address_literal = substr($domain, 1, strlen($domain) - 2); + $matches_IP = array(); + if (preg_match('/\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/', $address_literal, $matches_IP) > 0) { + $index = strrpos($address_literal, $matches_IP[0]); + + if ($index === 0) { + return TRUE; + } + else { + if ($address_literal[$index - 1] !== ':') { + return FALSE; + } + if (substr($address_literal, 0, 5) !== 'IPv6:') { + return FALSE; + } + + $IP_v6 = substr($address_literal, 5, ($index ===7) ? 
2 : $index - 6); + $group_max = 6; + } + } + else { + if (substr($address_literal, 0, 5) !== 'IPv6:') { + return FALSE; + } + $IP_v6 = substr($address_literal, 5); + $group_max = 8; + } + + $group_count = preg_match_all('/^[0-9a-fA-F]{0,4}|\\:[0-9a-fA-F]{0,4}|(.)/', $IP_v6, $matches_IP); + $index = strpos($IP_v6, '::'); + + if ($index === FALSE) { + if ($group_count !== $group_max) { + return FALSE; + } + } + else { + if ($index !== strrpos($IP_v6, '::')) { + return FALSE; + } + $group_max = ($index === 0 || $index === (strlen($IP_v6) - 2)) ? $group_max : $group_max - 1; + if ($group_count > $group_max) { + return FALSE; + } + } + array_multisort($matches_IP[1], SORT_DESC); + if ($matches_IP[1][0] !== '') { + return FALSE; + } + return TRUE; + } + else { + $dot_array = preg_split('/\\.(?=(?:[^\\"]*\\"[^\\"]*\\")*(?![^\\"]*\\"))/m', $domain); + $part_length = 0; + + if (count($dot_array) === 1) { + return FALSE; + } + + foreach ($dot_array as $element) { + $element = preg_replace("/^$FWS|$FWS\$/", '', $element); + $element_length = strlen($element); + + if ($element_length > 0 and $element[0] === '(') { + $index_brace = strpos($element, ')'); + if ($index_brace !== FALSE) { + if (preg_match('/(? 0) { + return FALSE; + } + $element = substr($element, $index_brace + 1, $element_length - $index_brace - 1); + $element_length = strlen($element); + } + } + + if ($element_length > 0 and $element[$element_length - 1] === ')') { + $index_brace = strrpos($element, '('); + if ($index_brace !== FALSE) { + if (preg_match('/(? 
0) { + return FALSE; + } + $element = substr($element, 0, $index_brace); + $element_length = strlen($element); + } + } + $element = preg_replace("/^$FWS|$FWS\$/", '', $element); + if ($part_length > 0) { + $part_length++; + } + $part_length += strlen($element); + if ($element_length > 63) { + return FALSE; + } + if ($element_length === 0) { + return FALSE; + } + if (preg_match('/[\\x00-\\x20\\(\\)<>\\[\\]:;@\\\\,\\."]|^-|-$/', $element) > 0) { + return FALSE; + } + } + + if ($part_length > 255) { + return FALSE; + } + + if (preg_match('/^[0-9]+$/', $element) > 0) { + return FALSE; + } + } + return TRUE; } /**
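Review bot: The new `valid_email_address()` strips folding whitespace (the `$FWS` pattern, which includes `\r\n`) and parenthesised comments from each dot-separated element before checking it, yet it only returns TRUE/FALSE, so a caller that goes on using the original `$mail` keeps the CR/LF and comment text that validation ignored. Callers are not visible in this hunk, but if any of them places a validated address into a mail header or a log line, this acceptance becomes a header or log injection risk. I would reject control characters before any parsing, e.g. `if (preg_match('/[\x00-\x1F\x7F]/', $mail)) { return FALSE; }` placed ahead of the length check. Separately, `if ($at_index === $mail_length)` can never be true because `strrpos()` returns at most `$mail_length - 1`; it should read `if ($at_index === $mail_length - 1)`, although an empty domain is still rejected later by the `count($dot_array) === 1` test. Several `preg_match`/`preg_replace` patterns in this listing look truncated by page extraction, so the quoted-string and comment checks could not be reviewed from here.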