ProcessWire
ProcessWire copied to clipboard
ryancramerdesign
WireMail / Sanitizer E-Mail does not accept IDN domains
WireMail does not accept e-mail addresses with IDN domains as sender or recipient, info@bäckerei-müller.de for example. In my view, the problem lies in the Sanitizer class, when checking e-mail addresses. The e-mail should be already converted before the test.
Test case
$mail = wireMail();
$mail->to('info@bäckerei-müller.de');
$mail->from('info@bäckerei-römer.de');
$mail->subject('Test Mail');
$mail->body('Test Mail');
$mail->send();
Throws:
Error: Exception: Invalid email address () (in C:\xampp\htdocs\testing\wire\core\WireMail.php line 78)
#0 C:\xampp\htdocs\testing\wire\core\WireMail.php(177): ProcessWire\WireMail->sanitizeEmail('info@b\xE3\xA4ckerei-...')
#1 C:\xampp\htdocs\testing\site\templates\basic-page.php(7): ProcessWire\WireMail->to('info@b\xC3\xA4ckerei-...')
#2 C:\xampp\htdocs\testing\wire\core\TemplateFile.php(219): require('C:\\xampp\\htdocs...')
#3 [internal function]: ProcessWire\TemplateFile->___render()
#4 C:\xampp\htdocs\testing\wire\core\Wire.php(347): call_user_func_array(Array, Array)
#5 C:\xampp\htdocs\testing\wire\core\WireHooks.php(555): ProcessWire\Wire->_callMethod('___render', Array)
#6 C:\xampp\htdocs\testing\wire\core\Wire.php(370): ProcessWire\WireHooks->runHooks(Object(ProcessWire\TemplateFile), 'render', Array)
#7 C:\xampp\htdocs\testing\wire\modules\PageRender.module(503): ProcessWire\Wire->__call('render', Array)
#8 [inte
This error message was shown because: you are logged in as a Superuser. Error has been logged.
ProcessWire version: 3.0.18
The problem is that PHP's own FILTER_SANTIZE_EMAIL and FILTER_VALIDATE_EMAIL don't support IDNs. Our sanitizer essentially delegates email sanitization/validation to PHP. I don't feel confident that I'm up to coding a separate email sanitizer with IDN support, as doing it right would probably be a significant undertaking. If you know of any existing solutions that are really solid, we could always look at integrating our sanitizer to use it for a second pass when PHP's filter_var() indicates an email isn't valid.
Unless you're against pulling in components from other frameworks, there are multiple options available, such as https://zendframework.github.io/zend-validator/validators/email-address/. As an added bonus this particular package supports MX checks and various other "advanced" features, should we ever find a reason to implement those :)
According to the documentation and a bug report at drupal the PHP filter supports IDN addresses, if this has been previously converted into Punycode. The following example works:
$mail = wireMail();
$mail->to('[email protected]');
$mail->from('[email protected]');
$mail->subject('Test Mail');
$mail->body('Test Mail');
$mail->send();
You were already intigriert the Punycode converter in one of the latest versions? Then you can before the test, check with a regex if special characters are included and then convert into Punycode?
Unless you're against pulling in components from other frameworks, there are multiple options available, such as https://zendframework.github.io/zend-validator/validators/email-address/. As an added bonus this particular package supports MX checks and various other "advanced" features, should we ever find a reason to implement those :)
OT: I am currently working on a module, which does such audits. DNS (MX/A), DNSBL, SBL-checks, etc. This can be used for WireMail, WireMailSMTP, CommentsFilter, or as API. :)