Reject email domains that do not contain a dot

See https://www.woltlab.com/community/thread/305125-userutil-isvalidemail-pr%C3%BCft-unvollst%C3%A4ndig/

diff --git a/wcfsetup/install/files/lib/system/email/Mailbox.class.php b/wcfsetup/install/files/lib/system/email/Mailbox.class.php
index 54c421f895f94c051dd6958ba9411234ea65f819..0c3e5cd984d5f7f6bbeac534573fe4faf8147308 100644 (file)
--- a/wcfsetup/install/files/lib/system/email/Mailbox.class.php
+++ b/wcfsetup/install/files/lib/system/email/Mailbox.class.php
@@ -111,7 +111,10 @@ class Mailbox
         $address = $localpart . '@' . $domain;
 
         if (
-            !\preg_match('(^' . EmailGrammar::getGrammar('addr-spec') . '$)', $address)
+            // Dotless domains are semantically correct but in practice are a
+            // common typo because those domains are not routable on the internet.
+            !\str_contains($domain, '.')
+            || !\preg_match('(^' . EmailGrammar::getGrammar('addr-spec') . '$)', $address)
             // The addr-spec within a RFC 5322 message accepts CFWS, but SMTP does not. Including
             // CFWS in an email address does not make sense, thus we reject email addresses that
             // include CFWS, even if they technically match the addr-spec.