Fix regular expression for the `atext` production in EmailGrammar

Due to the missing escaping of the hyphen with a backslash the allowed
characters were not just:

- The plus sign (`+`, 0x2B),
- the dash      (`-`, 0x2D), and
- the slash     (`/`, 0x2F).

But all ASCII characters between 0x2B and 0x2F, namely:

- The plus sign (`+`, 0x2B),
- the comma     (`,`, 0x2C),
- the dash      (`-`, 0x2D),
- the dot       (`.`, 0x2E), and
- the slash     (`/`, 0x2F).

i.e. the comma and dot in addition to the actually allowed characters.

This error caused an incorrect encoding of headers in `::encodeHeader()`.
Specifically the real name of a mailbox was affected by this issue. As a result
a real name that included a dot, but otherwise matched the `atom` grammar was
improperly encoded, possibly causing email parsing failures for MUAs.

diff --git a/wcfsetup/install/files/lib/system/email/EmailGrammar.class.php b/wcfsetup/install/files/lib/system/email/EmailGrammar.class.php
index 60229c05c390e9517bf35f65d5541578ea6463bc..3f15e7ba30ddfe1fdaaabbf4a08fab161ab255a6 100644 (file)
--- a/wcfsetup/install/files/lib/system/email/EmailGrammar.class.php
+++ b/wcfsetup/install/files/lib/system/email/EmailGrammar.class.php
@@ -32,7 +32,7 @@ final class EmailGrammar {
                        case 'quoted-pair':
                                return "(?:\\\\(?:".self::getGrammar('WSP')."|".self::getGrammar('VCHAR')."))";
                        case 'atext':
-                               return "[a-zA-Z0-9!#$%&'*+-/=?^_`{|}~]";
+                               return "[a-zA-Z0-9!#$%&'*+\\-/=?^_`{|}~]";
                        case 'atom':
                                return "(?:".self::getGrammar('CFWS')."?".self::getGrammar('atext')."+".self::getGrammar('CFWS')."?)";
                        case 'id-left':