in2code-de / powermail

This is the official repository of the TYPO3 extension powermail! Powermail is a well-known, editor-friendly, powerful and easy mailform extension for TYPO3
https://in2code.de

Blacklist words should be `preg_quote`d in Validator/SpamShield/ValueBlacklistMethod.php #979

Open weberdigital opened 9 months ago

weberdigital commented 9 months ago

The blacklist does not work properly if the words in it contain characters that have special meanings in a regex (e.g., ^ or $).

The function ValueBlacklistMethod::isStringInString in https://github.com/in2code-de/powermail/blob/12.1.1/Classes/Domain/Validator/SpamShield/ValueBlacklistMethod.php#L78 should be changed to something like this:

protected function isStringInString(string $haystack, string $needle): bool
{
    // Change start
    $needle = preg_quote($needle, '/'); // escape regex metacharacters and the '/' delimiter so the word is matched literally
    // Change end
    return preg_match('/(?:\A|[@\s\b_-]|\.)' . $needle . '(?:$|[\s\b_-]|\.)/i', $haystack) === 1;
}
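Reproducing the report above, as an added example that is not part of the issue or of the powermail code base: the current unquoted check beside the proposed preg_quote() fix, run over constructed blacklist words and submitted values.

```php
<?php
// Added example, not code from the powermail project: reproduces the issue
// with the unquoted needle beside the proposed preg_quote() fix. The pattern is
// the one from the snippet above; blacklist words and inputs are constructed.

function isStringInStringUnquoted(string $haystack, string $needle): bool
{
    // Current behaviour: the blacklist word is spliced into the pattern as-is.
    // '@' only silences the E_WARNING a non-compiling pattern emits in this demo;
    // preg_match() then returns false, so === 1 fails and the entry never matches.
    $result = @preg_match('/(?:\A|[@\s\b_-]|\.)' . $needle . '(?:$|[\s\b_-]|\.)/i', $haystack);
    return $result === 1;
}

function isStringInString(string $haystack, string $needle): bool
{
    // Proposed fix: escape regex metacharacters (and the '/' delimiter) first.
    $needle = preg_quote($needle, '/');
    return preg_match('/(?:\A|[@\s\b_-]|\.)' . $needle . '(?:$|[\s\b_-]|\.)/i', $haystack) === 1;
}

// [blacklist word, submitted value]; every row should be flagged as spam.
$cases = [
    ['viagra', 'buy viagra now'],   // plain word: both variants agree
    ['$$$',    'send $$$ today'],   // '$' is an end anchor when unquoted
    ['a+b',    'a+b'],              // '+' is a quantifier: unquoted wants 'aab'
    ['c(',     'c('],               // unbalanced '(' does not compile unquoted
];

foreach ($cases as [$word, $value]) {
    printf(
        "%-8s in %-16s unquoted=%-5s quoted=%s\n",
        $word,
        json_encode($value),
        var_export(isStringInStringUnquoted($value, $word), true),
        var_export(isStringInString($value, $word), true)
    );
}
```

Only the first row is caught by the unquoted variant; the other three blacklist entries are silently ineffective until the needle is escaped.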
mschwemer commented 1 month ago

Tested your code snippet. Did not change anything (at least in the test setup).

Would you mind providing a PR with testing instructions? That would be great.