From 949842a88d3f3c84fc87fbb549b2b397076dcbc5 Mon Sep 17 00:00:00 2001 From: Friendika Date: Mon, 15 Nov 2010 20:22:40 -0800 Subject: [PATCH] validate email addresses to see if the hostnames actually resolve before committing a new user --- boot.php | 20 ++++++++++++++++---- mod/register.php | 3 +-- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/boot.php b/boot.php index baf1f48121..c90d051305 100644 --- a/boot.php +++ b/boot.php @@ -1160,13 +1160,25 @@ function validate_url(&$url) { $url = 'http://' . $url; $h = parse_url($url); - if(! $h) { - return false; + if(($h) && (checkdnsrr($h['host'], 'ANY'))) { + return true; } - if(! checkdnsrr($h['host'], 'ANY')) { + return false; +}} + +// checks that email is an actual resolvable internet address + +if(! function_exists('validate_email')) { +function validate_email($addr) { + + if(! strpos($addr,'@')) return false; + $h = substr($addr,strpos($addr,'@') + 1); + + if(($h) && (checkdnsrr($h, 'ANY'))) { + return true; } - return true; + return false; }} // Check $url against our list of allowed sites, diff --git a/mod/register.php b/mod/register.php index 773d553640..12d27482b3 100644 --- a/mod/register.php +++ b/mod/register.php @@ -65,10 +65,9 @@ function register_post(&$a) { if(! allowed_email($email)) $err .= t('Your email domain is not among those allowed on this site.') . EOL; - if(! valid_email($email)) + if((! valid_email($email)) || (! validate_email($email))) $err .= t('Not a valid email address.') . EOL; - $nickname = $_POST['nickname'] = strtolower($nickname); if(! preg_match("/^[a-z][a-z0-9\-\_]*$/",$nickname))