2 files changed, 36 insertions, 7 deletions

diff --git a/inc/EmailAddressValidator.php b/inc/EmailAddressValidator.php
index 2ce2093e2..31b34cc58 100644
--- a/inc/EmailAddressValidator.php
+++ b/inc/EmailAddressValidator.php
@@ -5,21 +5,38 @@
  * @author  Dave Child <dave@addedbytes.com>
  * @link    http://code.google.com/p/php-email-address-validation/
  * @license http://www.opensource.org/licenses/bsd-license.php
+ * @version SVN r10 + Issue 15 fix
  */
 class EmailAddressValidator {
+    /**
+     * Set true to allow addresses like me@localhost
+     */
+    public $allowLocalAddresses = false;
 
     /**
      * Check email address validity
      * @param   strEmailAddress     Email address to be checked
      * @return  True if email is valid, false if not
      */
-    function check_email_address($strEmailAddress) {
+    public function check_email_address($strEmailAddress) {
+
+        // If magic quotes is "on", email addresses with quote marks will
+        // fail validation because of added escape characters. Uncommenting
+        // the next three lines will allow for this issue.
+        //if (get_magic_quotes_gpc()) {
+        //    $strEmailAddress = stripslashes($strEmailAddress);
+        //}
 
         // Control characters are not allowed
         if (preg_match('/[\x00-\x1F\x7F-\xFF]/', $strEmailAddress)) {
             return false;
         }
 
+        // Check email length - min 3 (a@a), max 256
+        if (!$this->check_text_length($strEmailAddress, 3, 256)) {
+            return false;
+        }
+
         // Split it into sections using last instance of "@"
         $intAtSymbol = strrpos($strEmailAddress, '@');
         if ($intAtSymbol === false) {
@@ -31,10 +48,15 @@ class EmailAddressValidator {
 
         // Count the "@" symbols. Only one is allowed, except where
         // contained in quote marks in the local part. Quickest way to
-        // check this is to remove anything in quotes.
-        $arrTempAddress[0] = preg_replace('/"[^"]+"/'
+        // check this is to remove anything in quotes. We also remove
+        // characters escaped with backslash, and the backslash
+        // character.
+        $arrTempAddress[0] = preg_replace('/\./'
                                          ,''
                                          ,$arrEmailAddress[0]);
+        $arrTempAddress[0] = preg_replace('/"[^"]+"/'
+                                         ,''
+                                         ,$arrTempAddress[0]);
         $arrTempAddress[1] = $arrEmailAddress[1];
         $strTempAddress = $arrTempAddress[0] . $arrTempAddress[1];
         // Then check - should be no "@" symbols.
@@ -63,7 +85,7 @@ class EmailAddressValidator {
      * @param   strLocalPortion     Text to be checked
      * @return  True if local portion is valid, false if not
      */
-    function check_local_portion($strLocalPortion) {
+    protected function check_local_portion($strLocalPortion) {
         // Local portion can only be from 1 to 64 characters, inclusive.
         // Please note that servers are encouraged to accept longer local
         // parts than 64 characters.
@@ -94,7 +116,7 @@ class EmailAddressValidator {
      * @param   strDomainPortion     Text to be checked
      * @return  True if domain portion is valid, false if not
      */
-    function check_domain_portion($strDomainPortion) {
+    protected function check_domain_portion($strDomainPortion) {
         // Total domain can only be from 1 to 255 characters, inclusive
         if (!$this->check_text_length($strDomainPortion, 1, 255)) {
             return false;
@@ -109,7 +131,7 @@ class EmailAddressValidator {
             return true;
         } else {
             $arrDomainPortion = explode('.', $strDomainPortion);
-            if (sizeof($arrDomainPortion) < 2) {
+            if (!$this->allowLocalAddresses && sizeof($arrDomainPortion) < 2) {
                 return false; // Not enough parts to domain
             }
             for ($i = 0, $max = sizeof($arrDomainPortion); $i < $max; $i++) {
@@ -121,6 +143,11 @@ class EmailAddressValidator {
                    .'([A-Za-z0-9]+))$/', $arrDomainPortion[$i])) {
                     return false;
                 }
+                if ($i == $max - 1) { // TLD cannot be only numbers
+                    if (strlen(preg_replace('/[0-9]/', '', $arrDomainPortion[$i])) <= 0) {
+                        return false;
+                    }
+                }
             }
         }
         return true;
@@ -133,7 +160,7 @@ class EmailAddressValidator {
      * @param   intMaximum  Maximum acceptable length
      * @return  True if string is within bounds (inclusive), false if not
      */
-    function check_text_length($strText, $intMinimum, $intMaximum) {
+    protected function check_text_length($strText, $intMinimum, $intMaximum) {
         // Minimum and maximum are both inclusive
         $intTextLength = strlen($strText);
         if (($intTextLength < $intMinimum) || ($intTextLength > $intMaximum)) {
@@ -142,5 +169,6 @@ class EmailAddressValidator {
             return true;
         }
     }
+
 }
 
diff --git a/inc/mail.php b/inc/mail.php
index e1f327cfe..aa9d195d1 100644
--- a/inc/mail.php
+++ b/inc/mail.php
@@ -227,6 +227,7 @@ function mail_encode_address($string,$header='',$names=true){
  */
 function mail_isvalid($email){
     $validator = new EmailAddressValidator;
+    $validator->allowLocalAddresses = true;
     return $validator->check_email_address($email);
 }