From bdf0a6539edf34f806509f354f96a637dd5c39cb Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 19 Jan 2020 19:21:28 +0100
Subject: [PATCH] Relaxed domain name validation for extended TLDs support
 (#5588)

---
 CHANGELOG                             | 1 +
 program/js/common.js                  | 4 ++--
 program/lib/Roundcube/rcube_utils.php | 6 ++++--
 tests/Framework/Utils.php             | 1 +
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 914fbe66d..2159a7a55 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Relaxed domain name validation for extended TLDs support (#5588)
 - Added support for INSERT OR REPLACE queries (#6771)
 - Extract RFC2231 attachment name from message headers (#6729, #6783)
 - Managesieve: Allow display name with email address in vacation :from field (#6760)
diff --git a/program/js/common.js b/program/js/common.js
index e409ac889..c44169cdc 100644
--- a/program/js/common.js
+++ b/program/js/common.js
@@ -425,8 +425,8 @@ function rcube_check_email(input, inline, count, strict)
       // So, e-mail address should be validated also on server side after idn_to_ascii() use
       //domain_literal = '\\x5b('+dtext+'|'+quoted_pair+')*\\x5d',
       //sub_domain = '('+atom+'|'+domain_literal+')',
-      // allow punycode/unicode top-level domain
-      domain = '(('+ip_addr+')|(([^@\\x2e]+\\x2e)+([^\\x00-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-z0-9]{2,})))',
+      // allow punycode/unicode top-level domain, allow extended domains (#5588)
+      domain = '(('+ip_addr+')|(([^@\\x2e]+\\x2e)+([^\\x00-\\x2f\\x3a-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-z0-9]{2,})))',
       // ICANN e-mail test (http://idn.icann.org/E-mail_test)
       icann_domains = [
         '\\u0645\\u062b\\u0627\\u0644\\x2e\\u0625\\u062e\\u062a\\u0628\\u0627\\u0631',
diff --git a/program/lib/Roundcube/rcube_utils.php b/program/lib/Roundcube/rcube_utils.php
index ac779a03a..da23fd51f 100644
--- a/program/lib/Roundcube/rcube_utils.php
+++ b/program/lib/Roundcube/rcube_utils.php
@@ -127,9 +127,11 @@ class rcube_utils
                 }
             }
 
-            // last domain part
+            // last domain part (allow extended TLD)
             $last_part = array_pop($domain_array);
-            if (strpos($last_part, 'xn--') !== 0 && preg_match('/[^a-zA-Z]/', $last_part)) {
+            if (strpos($last_part, 'xn--') !== 0
+                && (preg_match('/[^a-zA-Z0-9]/', $last_part) || preg_match('/^[0-9]+$/', $last_part))
+            ) {
                 return false;
             }
 
diff --git a/tests/Framework/Utils.php b/tests/Framework/Utils.php
index 770d87014..961fbbe2f 100644
--- a/tests/Framework/Utils.php
+++ b/tests/Framework/Utils.php
@@ -31,6 +31,7 @@ class Framework_Utils extends PHPUnit\Framework\TestCase
             array('firstname-lastname@domain.com', 'Dash in address field is valid'),
             array('test@xn--e1aaa0cbbbcacac.xn--p1ai', 'IDNA domain'),
             array('あいうえお@domain.com', 'Unicode char as address'),
+            array('test@domain.2legit2quit', 'Extended TLD'),
         );
     }