ZF-12157: Zend_Validate_EmailAddress returns INVALID_SEGMENT when the address is routable

Issue Type: Bug Created: 2012-04-16T19:50:34.000+0000 Last Updated: 2012-04-16T19:50:34.000+0000 Status: Open Fix version(s): Reporter: Brian Morton ( Assignee: Thomas Weidner (thomas) Tags: - Zend_Validate

Related issues: Attachments:

Description has public routable MX servers that sit on a network segment beginning with 192, but not in a class C reserved range. The _isReserved check has a couple of bugs that prevent proper validation.

A test case

<pre class="highlight">
$validator = new Zend_Validate_EmailAddress();
    'allow' => Zend_Validate_Hostname::ALLOW_DNS,
    'mx'    => true,
    'deep'  => true

Some debug data: {panel} dig MX

; <<>> DiG 9.7.1-P2 <<>> MX ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17090 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5


;; ANSWER SECTION: 374 IN MX 10 374 IN MX 10 374 IN MX 10 374 IN MX 10 374 IN MX 10

;; ADDITIONAL SECTION: 227 IN A 205 IN A 228 IN A 205 IN A 169 IN A {panel}

Lines 365 and 366 of Zend_Validate_EmailAddress->_isReserved have typecasts to integer that make the subsequent checks as type array on lines 370 and 371 fail. Removing the int casts makes the comparison work properly.

Moreover, the entire check is conceptually incorrect since a range outside of what is in _invalidIp is fundamentally valid. Rather than checking if it is outside of the address range in each _invalidIp and returning false, it should probably check if it is inside the range and return true on line 372, and then return false by default on line 377.


No comments to display

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.