functions.inc.php:

- check_email(): don't trim() mail address to avoid that aliases starting with a space are allowed. This fixes http://sourceforge.net/p/postfixadmin/bugs/210/ and https://sourceforge.net/p/postfixadmin/feature-requests/113/ create-mailbox.php: - revert r1520 - changing check_email() to not trim the mail address is better than trim()ing the localpart CHANGELOG.TXT: - update for the changes above git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3@1622 a1433add-5e2c-0410-b055-b7f2511e0802
11 years ago · 5bf296db44
parent e923f5842c
commit 5bf296db44
3 changed files with 5 additions and 3 deletions
--- a/CHANGELOG.TXT
+++ b/CHANGELOG.TXT
@ -15,7 +15,9 @@ Changes since 2.3.6 release
  - lt.lang, da.lang translation update
  - when enabling/disabling a mailbox, also update the corresponding alias
  - fix creating superadmin in setup.php with MariaDB (more strict SQL)
-  - trim() localpart in create-mailbox to avoid mailbox names with leading space
+  - don't trim() mail address to avoid that aliases starting with a space are
+    allowed. This fixes http://sourceforge.net/p/postfixadmin/bugs/210/ and
+    https://sourceforge.net/p/postfixadmin/feature-requests/113/
  - mark vacation_notification.notified field as latin1 to avoid overlong index
  - vacation.pl: encode subject
  - vacation.pl: disable use of TLS by default due to a bug in Mail::Sender 0.8.22
--- a/create-mailbox.php
+++ b/create-mailbox.php
@ -71,7 +71,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET")
 if ($_SERVER['REQUEST_METHOD'] == "POST")
 {

-    if (isset ($_POST['fUsername']) && isset ($_POST['fDomain'])) $fUsername = escape_string (trim($_POST['fUsername'])) . "@" . escape_string ($_POST['fDomain']);
+    if (isset ($_POST['fUsername']) && isset ($_POST['fDomain'])) $fUsername = escape_string ($_POST['fUsername']) . "@" . escape_string ($_POST['fDomain']);
    $fUsername = strtolower ($fUsername);
    if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']);
    if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']);
--- a/functions.inc.php
+++ b/functions.inc.php
@ -284,7 +284,7 @@ function check_email ($email)
    }

    // Perform non-domain-part sanity checks
-    if (!preg_match ('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '[^@]+$/i', trim ($ce_email)))
+    if (!preg_match ('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_{|}~]+' . '@' . '[^@]+$/i', $ce_email))
    {
        flash_error($PALANG['pInvalidMailRegex']);
        return false;