MAGETWO-64901: Bypassing outdated TLD validation

pdohogne-magento · pdohogne-magento · commit dc5a14e7b2be · 2017-06-28T02:30:23.000-05:00
diff --git a/app/code/Magento/Config/Model/Config/Backend/Email/Address.php b/app/code/Magento/Config/Model/Config/Backend/Email/Address.php
@@ -23,7 +23,7 @@ class Address extends \Magento\Framework\App\Config\Value
     public function beforeSave()
     {
         $value = $this->getValue();
-        if (!\Zend_Validate::is($value, 'EmailAddress')) {
+        if (!\Zend_Validate::is($value, \Magento\Framework\Validator\EmailAddress::class)) {
             throw new LocalizedException(__('Please correct the email address: "%1".', $value));
         }
         return $this;
diff --git a/app/code/Magento/Customer/Controller/Account/ForgotPasswordPost.php b/app/code/Magento/Customer/Controller/Account/ForgotPasswordPost.php
@@ -60,7 +60,7 @@ public function execute()
         $resultRedirect = $this->resultRedirectFactory->create();
         $email = (string)$this->getRequest()->getPost('email');
         if ($email) {
-            if (!\Zend_Validate::is($email, 'EmailAddress')) {
+            if (!\Zend_Validate::is($email, \Magento\Framework\Validator\EmailAddress::class)) {
                 $this->session->setForgottenEmail($email);
                 $this->messageManager->addErrorMessage(__('Please correct the email address.'));
                 return $resultRedirect->setPath('*/*/forgotpassword');
diff --git a/app/code/Magento/Customer/Model/Metadata/Form/AbstractData.php b/app/code/Magento/Customer/Model/Metadata/Form/AbstractData.php
@@ -11,6 +11,7 @@
 namespace Magento\Customer\Model\Metadata\Form;
 
 use Magento\Framework\Api\ArrayObjectSearch;
+use Magento\Framework\Validator\EmailAddress;
 
 /**
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
@@ -336,7 +337,7 @@ protected function _validateInputRule($value)
                     __("'%value%' appears to be a DNS hostname but cannot extract TLD part")
                     __("'%value%' appears to be a DNS hostname but cannot match TLD against known list")
                     */
-                    $validator = new \Zend_Validate_EmailAddress();
+                    $validator = new EmailAddress();
                     $validator->setMessage(
                         __('"%1" invalid type entered.', $label),
                         \Zend_Validate_EmailAddress::INVALID
@@ -377,10 +378,6 @@ protected function _validateInputRule($value)
                         __("'%value%' looks like an IP address, which is not an acceptable format."),
                         \Zend_Validate_Hostname::IP_ADDRESS_NOT_ALLOWED
                     );
-                    $validator->setMessage(
-                        __("'%value%' looks like a DNS hostname but we cannot match the TLD against known list."),
-                        \Zend_Validate_Hostname::UNKNOWN_TLD
-                    );
                     $validator->setMessage(
                         __("'%value%' looks like a DNS hostname but contains a dash in an invalid position."),
                         \Zend_Validate_Hostname::INVALID_DASH
diff --git a/app/code/Magento/CustomerImportExport/Model/Import/AbstractCustomer.php b/app/code/Magento/CustomerImportExport/Model/Import/AbstractCustomer.php
@@ -235,7 +235,7 @@ protected function _checkUniqueKey(array $rowData, $rowNumber)
             $email = strtolower($rowData[static::COLUMN_EMAIL]);
             $website = $rowData[static::COLUMN_WEBSITE];
 
-            if (!\Zend_Validate::is($email, 'EmailAddress')) {
+            if (!\Zend_Validate::is($email, \Magento\Framework\Validator\EmailAddress::class)) {
                 $this->addRowError(static::ERROR_INVALID_EMAIL, $rowNumber, static::COLUMN_EMAIL);
             } elseif (!isset($this->_websiteCodeToId[$website])) {
                 $this->addRowError(static::ERROR_INVALID_WEBSITE, $rowNumber, static::COLUMN_WEBSITE);
diff --git a/app/code/Magento/Eav/Model/Attribute/Data/AbstractData.php b/app/code/Magento/Eav/Model/Attribute/Data/AbstractData.php
@@ -10,6 +10,7 @@
 
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\Exception\LocalizedException as CoreException;
+use Magento\Framework\Validator\EmailAddress;
 
 /**
  * EAV Attribute Abstract Data Model
@@ -365,7 +366,7 @@ protected function _validateInputRule($value)
                     __("'%value%' appears to be a DNS hostname but cannot extract TLD part")
                     __("'%value%' appears to be a DNS hostname but cannot match TLD against known list")
                     */
-                    $validator = new \Zend_Validate_EmailAddress();
+                    $validator = new EmailAddress();
                     $validator->setMessage(
                         __('"%1" invalid type entered.', $label),
                         \Zend_Validate_EmailAddress::INVALID
@@ -406,10 +407,6 @@ protected function _validateInputRule($value)
                         __("'%value%' looks like an IP address, which is not an acceptable format."),
                         \Zend_Validate_Hostname::IP_ADDRESS_NOT_ALLOWED
                     );
-                    $validator->setMessage(
-                        __("'%value%' looks like a DNS hostname but we cannot match the TLD against known list."),
-                        \Zend_Validate_Hostname::UNKNOWN_TLD
-                    );
                     $validator->setMessage(
                         __("'%value%' looks like a DNS hostname but contains a dash in an invalid position."),
                         \Zend_Validate_Hostname::INVALID_DASH
diff --git a/app/code/Magento/Newsletter/Controller/Subscriber/NewAction.php b/app/code/Magento/Newsletter/Controller/Subscriber/NewAction.php
@@ -103,7 +103,7 @@ protected function validateGuestSubscription()
      */
     protected function validateEmailFormat($email)
     {
-        if (!\Zend_Validate::is($email, 'EmailAddress')) {
+        if (!\Zend_Validate::is($email, \Magento\Framework\Validator\EmailAddress::class)) {
             throw new \Magento\Framework\Exception\LocalizedException(__('Please enter a valid email address.'));
         }
     }
diff --git a/app/code/Magento/Quote/Model/Quote/Address/Validator.php b/app/code/Magento/Quote/Model/Quote/Address/Validator.php
@@ -39,7 +39,7 @@ public function isValid($value)
     {
         $messages = [];
         $email = $value->getEmail();
-        if (!empty($email) && !\Zend_Validate::is($email, 'EmailAddress')) {
+        if (!empty($email) && !\Zend_Validate::is($email, \Magento\Framework\Validator\EmailAddress::class)) {
             $messages['invalid_email_format'] = 'Invalid email format';
         }
 
diff --git a/app/code/Magento/SendFriend/Model/SendFriend.php b/app/code/Magento/SendFriend/Model/SendFriend.php
@@ -237,7 +237,7 @@ public function validate()
         }
 
         $email = $this->getSender()->getEmail();
-        if (empty($email) or !\Zend_Validate::is($email, 'EmailAddress')) {
+        if (empty($email) or !\Zend_Validate::is($email, \Magento\Framework\Validator\EmailAddress::class)) {
             $errors[] = __('Invalid Sender Email');
         }
 
@@ -252,7 +252,7 @@ public function validate()
 
         // validate recipients email addresses
         foreach ($this->getRecipients()->getEmails() as $email) {
-            if (!\Zend_Validate::is($email, 'EmailAddress')) {
+            if (!\Zend_Validate::is($email, \Magento\Framework\Validator\EmailAddress::class)) {
                 $errors[] = __('Please enter a correct recipient email address.');
                 break;
             }
diff --git a/app/code/Magento/User/Controller/Adminhtml/Auth/Forgotpassword.php b/app/code/Magento/User/Controller/Adminhtml/Auth/Forgotpassword.php
@@ -44,7 +44,7 @@ public function execute()
         $resultRedirect = $this->resultRedirectFactory->create();
         if (!empty($email) && !empty($params)) {
             // Validate received data to be an email address
-            if (\Zend_Validate::is($email, 'EmailAddress')) {
+            if (\Zend_Validate::is($email, \Magento\Framework\Validator\EmailAddress::class)) {
                 try {
                     $this->securityManager->performSecurityCheck(
                         \Magento\Security\Model\PasswordResetRequestEvent::ADMIN_PASSWORD_RESET_REQUEST,
diff --git a/app/code/Magento/Wishlist/Controller/Index/Send.php b/app/code/Magento/Wishlist/Controller/Index/Send.php
@@ -153,7 +153,7 @@ public function execute()
                 } else {
                     foreach ($emails as $index => $email) {
                         $email = trim($email);
-                        if (!\Zend_Validate::is($email, 'EmailAddress')) {
+                        if (!\Zend_Validate::is($email, \Magento\Framework\Validator\EmailAddress::class)) {
                             $error = __('Please enter a valid email address.');
                             break;
                         }
diff --git a/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/UserTest.php b/dev/tests/integration/testsuite/Magento/User/Controller/Adminhtml/UserTest.php
@@ -12,6 +12,9 @@
  */
 class UserTest extends \Magento\TestFramework\TestCase\AbstractBackendController
 {
+    /**
+     * Verify that the main user page contains the user grid
+     */
     public function testIndexAction()
     {
         $this->dispatch('backend/admin/user/index');
@@ -20,13 +23,18 @@ public function testIndexAction()
         $this->assertSelectCount('#permissionsUserGrid_table', 1, $response);
     }
 
+    /**
+     * Verify that attempting to save a user when no data is present redirects back to the main user page
+     */
     public function testSaveActionNoData()
     {
         $this->dispatch('backend/admin/user/save');
         $this->assertRedirect($this->stringContains('backend/admin/user/index/'));
     }
 
     /**
+     * Verify that a user cannot be saved if it no longer exists
+     *
      * @magentoDataFixture Magento/User/_files/dummy_user.php
      */
     public function testSaveActionWrongId()
@@ -50,6 +58,8 @@ public function testSaveActionWrongId()
     }
 
     /**
+     * Verify that users cannot be saved if the admin password is not correct
+     *
      * @magentoDbIsolation enabled
      */
     public function testSaveActionMissingCurrentAdminPassword()
@@ -71,6 +81,8 @@ public function testSaveActionMissingCurrentAdminPassword()
     }
 
     /**
+     * Verify that users can be successfully saved when data is correct
+     *
      * @magentoDbIsolation enabled
      */
     public function testSaveAction()
@@ -96,6 +108,8 @@ public function testSaveAction()
     }
 
     /**
+     * Verify that users with the same username or email as an existing user cannot be created
+     *
      * @magentoDbIsolation enabled
      * @magentoDataFixture Magento/User/_files/user_with_role.php
      */
@@ -122,8 +136,10 @@ public function testSaveActionDuplicateUser()
     }
 
     /**
+     * Verify password change properly updates fields when the request is valid
+     *
      * @magentoDbIsolation enabled
-     * @dataProvider resetPasswordDataProvider
+     * @dataProvider saveActionPasswordChangeDataProvider
      */
     public function testSaveActionPasswordChange($postData, $isPasswordCorrect)
     {
@@ -148,7 +164,12 @@ public function testSaveActionPasswordChange($postData, $isPasswordCorrect)
         }
     }
 
-    public function resetPasswordDataProvider()
+    /**
+     * Dataprovider for testSaveActionPasswordChange
+     *
+     * @return array
+     */
+    public function saveActionPasswordChangeDataProvider()
     {
         $password = uniqid('123q');
         $passwordPairs = [
@@ -175,6 +196,9 @@ public function resetPasswordDataProvider()
         return $data;
     }
 
+    /**
+     * Verify that the role grid is present when requested
+     */
     public function testRoleGridAction()
     {
         $this->getRequest()->setParam('ajax', true)->setParam('isAjax', true);
@@ -184,6 +208,8 @@ public function testRoleGridAction()
     }
 
     /**
+     * Verify that the roles grid is present when requested
+     *
      * @depends testSaveAction
      */
     public function testRolesGridAction()
@@ -195,6 +221,8 @@ public function testRolesGridAction()
     }
 
     /**
+     * Verify that expected header and fieldsets are present for edit
+     *
      * @depends testSaveAction
      */
     public function testEditAction()
@@ -208,6 +236,9 @@ public function testEditAction()
         $this->assertSelectCount('#user_base_fieldset', 1, $response);
     }
 
+    /**
+     * Verify that validation passes on correct data
+     */
     public function testValidateActionSuccess()
     {
         $data = [
@@ -226,13 +257,37 @@ public function testValidateActionSuccess()
         $this->assertEquals('{"error":0}', $body);
     }
 
+    /**
+     * Verify that an unknown top level domain on an email address does not fail validation
+     */
+    public function testValidateActionUnknownTldSuccess()
+    {
+        $data = [
+            'username' => 'admin2',
+            'firstname' => 'new firstname',
+            'lastname' => 'new lastname',
+            'email' => 'example@domain.unknown',
+            'password' => 'password123',
+            'password_confirmation' => 'password123',
+        ];
+
+        $this->getRequest()->setPostValue($data);
+        $this->dispatch('backend/admin/user/validate');
+        $body = $this->getResponse()->getBody();
+
+        $this->assertEquals('{"error":0}', $body);
+    }
+
+    /**
+     * Verify that an invalid email address format fails the validation
+     */
     public function testValidateActionError()
     {
         $data = [
             'username' => 'admin2',
             'firstname' => 'new firstname',
             'lastname' => 'new lastname',
-            'email' => 'example@domain.cim',
+            'email' => 'example@-domain.cim',
             'password' => 'password123',
             'password_confirmation' => 'password123',
         ];
@@ -245,6 +300,6 @@ public function testValidateActionError()
         $body = $this->getResponse()->getBody();
 
         $this->assertContains('{"error":1,"html_message":', $body);
-        $this->assertContains("'domain.cim' is not a valid hostname for email address 'example@domain.cim'", $body);
+        $this->assertContains("'-domain.cim' is not a valid hostname for email address 'example@-domain.cim", $body);
     }
 }
diff --git a/lib/internal/Magento/Framework/Validator/EmailAddress.php b/lib/internal/Magento/Framework/Validator/EmailAddress.php
@@ -7,6 +7,45 @@
  */
 namespace Magento\Framework\Validator;
 
+use Zend_Config;
+
 class EmailAddress extends \Zend_Validate_EmailAddress implements \Magento\Framework\Validator\ValidatorInterface
 {
+    /**
+     * Instantiates email validator for local use
+     *
+     * The following option keys are supported:
+     * 'hostname' => A hostname validator, see Zend_Validate_Hostname
+     * 'allow'    => Options for the hostname validator, see Zend_Validate_Hostname::ALLOW_*
+     * 'mx'       => If MX check should be enabled, boolean
+     * 'deep'     => If a deep MX check should be done, boolean
+     * 'tld'      => If TLD validation should be done, boolean, default false
+     *
+     * @param array $options OPTIONAL
+     */
+    public function __construct($options = [])
+    {
+        if ($options instanceof Zend_Config) {
+            $options = $options->toArray();
+        } elseif (!is_array($options)) {
+            $options = func_get_args();
+            $temp['allow'] = array_shift($options);
+            if (!empty($options)) {
+                $temp['mx'] = array_shift($options);
+            }
+
+            if (!empty($options)) {
+                $temp['hostname'] = array_shift($options);
+            }
+
+            if (!empty($options)) {
+                $temp['tld'] = array_shift($options);
+            }
+
+            $options = $temp;
+        }
+        parent::__construct($options);
+
+        $this->getHostnameValidator()->setValidateTld(array_key_exists('tld', $options) ? $options['tld'] : false);
+    }
 }
diff --git a/lib/internal/Magento/Framework/Validator/Test/Unit/EmailAddressTest.php b/lib/internal/Magento/Framework/Validator/Test/Unit/EmailAddressTest.php
@@ -0,0 +1,33 @@
+<?php
+/**
+ * Integration test for \Magento\Framework\Validator\Factory
+ *
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Framework\Validator\Test\Unit;
+
+use Magento\Framework\Validator\EmailAddress;
+
+class EmailAddressTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * Test that the validator ignores TLD validation by default
+     */
+    public function testDefaultValidateIgnoresTLD()
+    {
+        /** @var EmailAddress $emailAddress */
+        $emailAddress = new EmailAddress();
+        $this->assertTrue($emailAddress->isValid("user@domain.unknown"));
+    }
+
+    /**
+     * Test that the TLD validation can be enabled on construction
+     */
+    public function testCanValidateTLD()
+    {
+        /** @var EmailAddress $emailAddress */
+        $emailAddress = new EmailAddress(['tld'=>true]);
+        $this->assertFalse($emailAddress->isValid("user@domain.unknown"));
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ class Address extends \Magento\Framework\App\Config\Value`
`23`	`23`	`public function beforeSave()`
`24`	`24`	`{`
`25`	`25`	`$value = $this->getValue();`
`26`		`- if (!\Zend_Validate::is($value, 'EmailAddress')) {`
	`26`	`+ if (!\Zend_Validate::is($value, \Magento\Framework\Validator\EmailAddress::class)) {`
`27`	`27`	`throw new LocalizedException(__('Please correct the email address: "%1".', $value));`
`28`	`28`	`}`
`29`	`29`	`return $this;`
Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ protected function validateGuestSubscription()`
`103`	`103`	`*/`
`104`	`104`	`protected function validateEmailFormat($email)`
`105`	`105`	`{`
`106`		`- if (!\Zend_Validate::is($email, 'EmailAddress')) {`
	`106`	`+ if (!\Zend_Validate::is($email, \Magento\Framework\Validator\EmailAddress::class)) {`
`107`	`107`	`throw new \Magento\Framework\Exception\LocalizedException(__('Please enter a valid email address.'));`
`108`	`108`	`}`
`109`	`109`	`}`
Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ public function isValid($value)`
`39`	`39`	`{`
`40`	`40`	`$messages = [];`
`41`	`41`	`$email = $value->getEmail();`
`42`		`- if (!empty($email) && !\Zend_Validate::is($email, 'EmailAddress')) {`
	`42`	`+ if (!empty($email) && !\Zend_Validate::is($email, \Magento\Framework\Validator\EmailAddress::class)) {`
`43`	`43`	`$messages['invalid_email_format'] = 'Invalid email format';`
`44`	`44`	`}`
`45`	`45`
Original file line number	Diff line number	Diff line change
`@@ -237,7 +237,7 @@ public function validate()`
`237`	`237`	`}`
`238`	`238`
`239`	`239`	`$email = $this->getSender()->getEmail();`
`240`		`- if (empty($email) or !\Zend_Validate::is($email, 'EmailAddress')) {`
	`240`	`+ if (empty($email) or !\Zend_Validate::is($email, \Magento\Framework\Validator\EmailAddress::class)) {`
`241`	`241`	`$errors[] = __('Invalid Sender Email');`
`242`	`242`	`}`
`243`	`243`
`@@ -252,7 +252,7 @@ public function validate()`
`252`	`252`
`253`	`253`	`// validate recipients email addresses`
`254`	`254`	`foreach ($this->getRecipients()->getEmails() as $email) {`
`255`		`- if (!\Zend_Validate::is($email, 'EmailAddress')) {`
	`255`	`+ if (!\Zend_Validate::is($email, \Magento\Framework\Validator\EmailAddress::class)) {`
`256`	`256`	`$errors[] = __('Please enter a correct recipient email address.');`
`257`	`257`	`break;`
`258`	`258`	`}`
Original file line number	Diff line number	Diff line change
`@@ -153,7 +153,7 @@ public function execute()`
`153`	`153`	`} else {`
`154`	`154`	`foreach ($emails as $index => $email) {`
`155`	`155`	`$email = trim($email);`
`156`		`- if (!\Zend_Validate::is($email, 'EmailAddress')) {`
	`156`	`+ if (!\Zend_Validate::is($email, \Magento\Framework\Validator\EmailAddress::class)) {`
`157`	`157`	`$error = __('Please enter a valid email address.');`
`158`	`158`	`break;`
`159`	`159`	`}`