From: Alexander Ebert <ebert@woltlab.com>
Date: Fri, 23 Aug 2024 13:31:52 +0000 (+0200)
Subject: Reject email domains that do not contain a dot
X-Git-Tag: 6.1.0_Alpha_3~5
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=8efd968eb1aa5469866a01e99f36536925da6f37;p=GitHub%2FWoltLab%2FWCF.git

Reject email domains that do not contain a dot

See https://www.woltlab.com/community/thread/305125-userutil-isvalidemail-pr%C3%BCft-unvollst%C3%A4ndig/
---

diff --git a/wcfsetup/install/files/lib/system/email/Mailbox.class.php b/wcfsetup/install/files/lib/system/email/Mailbox.class.php
index 54c421f895..0c3e5cd984 100644
--- a/wcfsetup/install/files/lib/system/email/Mailbox.class.php
+++ b/wcfsetup/install/files/lib/system/email/Mailbox.class.php
@@ -111,7 +111,10 @@ class Mailbox
         $address = $localpart . '@' . $domain;
 
         if (
-            !\preg_match('(^' . EmailGrammar::getGrammar('addr-spec') . '$)', $address)
+            // Dotless domains are semantically correct but in practice are a
+            // common typo because those domains are not routable on the internet.
+            !\str_contains($domain, '.')
+            || !\preg_match('(^' . EmailGrammar::getGrammar('addr-spec') . '$)', $address)
             // The addr-spec within a RFC 5322 message accepts CFWS, but SMTP does not. Including
             // CFWS in an email address does not make sense, thus we reject email addresses that
             // include CFWS, even if they technically match the addr-spec.