Diffstat (limited to 'phpBB/includes/functions_user.php')
-rw-r--r-- | phpBB/includes/functions_user.php | 200 |
1 files changed, 200 insertions, 0 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index a1fd2c5555..9e83281f92 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -1556,7 +1556,207 @@ function validate_email($email, $allowed_email = false) return false; } +/** +* Validate jabber address +* Taken from the jabber class within flyspray (see author notes) +* +* @author flyspray.org +*/ +function validate_jabber($jid) +{ + if (!$jid) + { + return false; + } + + $seperator_pos = strpos($jid, '@'); + + if ($seperator_pos === false) + { + return 'WRONG_DATA'; + } + + $username = substr($jid, 0, $seperator_pos); + $realm = substr($jid, $seperator_pos + 1); + + if (strlen($username) == 0 || strlen($realm) < 3) + { + return 'WRONG_DATA'; + } + + $arr = explode('.', $realm); + + if (sizeof($arr) == 0) + { + return 'WRONG_DATA'; + } + + foreach ($arr as $part) + { + if (substr($part, 0, 1) == '-' || substr($part, -1, 1) == '-') + { + return 'WRONG_DATA'; + } + + if (!preg_match("@^[a-zA-Z0-9-.]+$@", $part)) + { + return 'WRONG_DATA'; + } + } + + $boundary = array(array(0, 127), array(192, 223), array(224, 239), array(240, 247), array(248, 251), array(252, 253)); + + // Prohibited Characters RFC3454 + RFC3920 + $prohibited = array( + // Table C.1.1 + array(0x0020, 0x0020), // SPACE + // Table C.1.2 + array(0x00A0, 0x00A0), // NO-BREAK SPACE + array(0x1680, 0x1680), // OGHAM SPACE MARK + array(0x2000, 0x2001), // EN QUAD + array(0x2001, 0x2001), // EM QUAD + array(0x2002, 0x2002), // EN SPACE + array(0x2003, 0x2003), // EM SPACE + array(0x2004, 0x2004), // THREE-PER-EM SPACE + array(0x2005, 0x2005), // FOUR-PER-EM SPACE + array(0x2006, 0x2006), // SIX-PER-EM SPACE + array(0x2007, 0x2007), // FIGURE SPACE + array(0x2008, 0x2008), // PUNCTUATION SPACE + array(0x2009, 0x2009), // THIN SPACE + array(0x200A, 0x200A), // HAIR SPACE + array(0x200B, 0x200B), // ZERO WIDTH SPACE + array(0x202F, 0x202F), // NARROW NO-BREAK SPACE + array(0x205F, 0x205F), // MEDIUM MATHEMATICAL SPACE + array(0x3000, 0x3000), // IDEOGRAPHIC SPACE + // Table C.2.1 + array(0x0000, 0x001F), // [CONTROL CHARACTERS] + array(0x007F, 0x007F), // DELETE + // Table C.2.2 + 
array(0x0080, 0x009F), // [CONTROL CHARACTERS]
+ array(0x06DD, 0x06DD), // ARABIC END OF AYAH
+ array(0x070F, 0x070F), // SYRIAC ABBREVIATION MARK
+ array(0x180E, 0x180E), // MONGOLIAN VOWEL SEPARATOR
+ array(0x200C, 0x200C), // ZERO WIDTH NON-JOINER
+ array(0x200D, 0x200D), // ZERO WIDTH JOINER
+ array(0x2028, 0x2028), // LINE SEPARATOR
+ array(0x2029, 0x2029), // PARAGRAPH SEPARATOR
+ array(0x2060, 0x2060), // WORD JOINER
+ array(0x2061, 0x2061), // FUNCTION APPLICATION
+ array(0x2062, 0x2062), // INVISIBLE TIMES
+ array(0x2063, 0x2063), // INVISIBLE SEPARATOR
+ array(0x206A, 0x206F), // [CONTROL CHARACTERS]
+ array(0xFEFF, 0xFEFF), // ZERO WIDTH NO-BREAK SPACE
+ array(0xFFF9, 0xFFFC), // [CONTROL CHARACTERS]
+ array(0x1D173, 0x1D17A), // [MUSICAL CONTROL CHARACTERS]
+ // Table C.3
+ array(0xE000, 0xF8FF), // [PRIVATE USE, PLANE 0]
+ array(0xF0000, 0xFFFFD), // [PRIVATE USE, PLANE 15]
+ array(0x100000, 0x10FFFD), // [PRIVATE USE, PLANE 16]
+ // Table C.4
+ array(0xFDD0, 0xFDEF), // [NONCHARACTER CODE POINTS]
+ array(0xFFFE, 0xFFFF), // [NONCHARACTER CODE POINTS]
+ array(0x1FFFE, 0x1FFFF), // [NONCHARACTER CODE POINTS]
+ array(0x2FFFE, 0x2FFFF), // [NONCHARACTER CODE POINTS]
+ array(0x3FFFE, 0x3FFFF), // [NONCHARACTER CODE POINTS]
+ array(0x4FFFE, 0x4FFFF), // [NONCHARACTER CODE POINTS]
+ array(0x5FFFE, 0x5FFFF), // [NONCHARACTER CODE POINTS]
+ array(0x6FFFE, 0x6FFFF), // [NONCHARACTER CODE POINTS]
+ array(0x7FFFE, 0x7FFFF), // [NONCHARACTER CODE POINTS]
+ array(0x8FFFE, 0x8FFFF), // [NONCHARACTER CODE POINTS]
+ array(0x9FFFE, 0x9FFFF), // [NONCHARACTER CODE POINTS]
+ array(0xAFFFE, 0xAFFFF), // [NONCHARACTER CODE POINTS]
+ array(0xBFFFE, 0xBFFFF), // [NONCHARACTER CODE POINTS]
+ array(0xCFFFE, 0xCFFFF), // [NONCHARACTER CODE POINTS]
+ array(0xDFFFE, 0xDFFFF), // [NONCHARACTER CODE POINTS]
+ array(0xEFFFE, 0xEFFFF), // [NONCHARACTER CODE POINTS]
+ array(0xFFFFE, 0xFFFFF), // [NONCHARACTER CODE POINTS]
+ array(0x10FFFE, 0x10FFFF), // [NONCHARACTER CODE POINTS]
+ // 
Table C.5
+ array(0xD800, 0xDFFF), // [SURROGATE CODES]
+ // Table C.6
+ array(0xFFF9, 0xFFF9), // INTERLINEAR ANNOTATION ANCHOR
+ array(0xFFFA, 0xFFFA), // INTERLINEAR ANNOTATION SEPARATOR
+ array(0xFFFB, 0xFFFB), // INTERLINEAR ANNOTATION TERMINATOR
+ array(0xFFFC, 0xFFFC), // OBJECT REPLACEMENT CHARACTER
+ array(0xFFFD, 0xFFFD), // REPLACEMENT CHARACTER
+ // Table C.7
+ array(0x2FF0, 0x2FFB), // [IDEOGRAPHIC DESCRIPTION CHARACTERS]
+ // Table C.8
+ array(0x0340, 0x0340), // COMBINING GRAVE TONE MARK
+ array(0x0341, 0x0341), // COMBINING ACUTE TONE MARK
+ array(0x200E, 0x200E), // LEFT-TO-RIGHT MARK
+ array(0x200F, 0x200F), // RIGHT-TO-LEFT MARK
+ array(0x202A, 0x202A), // LEFT-TO-RIGHT EMBEDDING
+ array(0x202B, 0x202B), // RIGHT-TO-LEFT EMBEDDING
+ array(0x202C, 0x202C), // POP DIRECTIONAL FORMATTING
+ array(0x202D, 0x202D), // LEFT-TO-RIGHT OVERRIDE
+ array(0x202E, 0x202E), // RIGHT-TO-LEFT OVERRIDE
+ array(0x206A, 0x206A), // INHIBIT SYMMETRIC SWAPPING
+ array(0x206B, 0x206B), // ACTIVATE SYMMETRIC SWAPPING
+ array(0x206C, 0x206C), // INHIBIT ARABIC FORM SHAPING
+ array(0x206D, 0x206D), // ACTIVATE ARABIC FORM SHAPING
+ array(0x206E, 0x206E), // NATIONAL DIGIT SHAPES
+ array(0x206F, 0x206F), // NOMINAL DIGIT SHAPES
+ // Table C.9
+ array(0xE0001, 0xE0001), // LANGUAGE TAG
+ array(0xE0020, 0xE007F), // [TAGGING CHARACTERS]
+ // RFC3920
+ array(0x22, 0x22), // "
+ array(0x26, 0x26), // &
+ array(0x27, 0x27), // '
+ array(0x2F, 0x2F), // /
+ array(0x3A, 0x3A), // :
+ array(0x3C, 0x3C), // <
+ array(0x3E, 0x3E), // >
+ array(0x40, 0x40) // @
+ );
+
+ $pos = 0;
+ $result = true;
+
+ while ($pos < strlen($username))
+ {
+ $len = $uni = 0;
+ for ($i = 0; $i <= 5; $i++)
+ {
+ if (ord($username[$pos]) >= $boundary[$i][0] && ord($username[$pos]) <= $boundary[$i][1])
+ {
+ $len = $i + 1;
+ $uni = (ord($username[$pos]) - $boundary[$i][0]) * pow(2, $i * 6);
+
+ for ($k = 1; $k < $len; $k++)
+ {
+ $uni += (ord($username[$pos + $k]) - 128) * pow(2, ($i - $k) * 6);
+ }
+
+ 
break; + } + } + + if ($len == 0) + { + return 'WRONG_DATA'; + } + foreach ($prohibited as $pval) + { + if ($uni >= $pval[0] && $uni <= $pval[1]) + { + $result = false; + break 2; + } + } + + $pos = $pos + $len; + } + + if (!$result) + { + return 'WRONG_DATA'; + } + + return false; +} /** * Remove avatar |
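Review bot: The continuation-byte loop in the added validate_jabber() reads `$username[$pos + $k]` without checking that the offset is still inside the string, so a node that ends in a truncated multi-byte lead byte (a constructed example: a lone 0xC3 just before the '@') indexes past the end — PHP yields an empty string there and ord() returns 0 — and the function then evaluates a meaningless code point instead of rejecting the input. The same loop never verifies that each trailing byte is a 10xxxxxx continuation byte, so malformed sequences are decoded rather than refused and can land on an allowed code point; a guard at the top of the `for ($k = 1; ...)` body, `if ($pos + $k >= strlen($username) || (ord($username[$pos + $k]) & 0xC0) != 0x80) { return 'WRONG_DATA'; }`, closes both gaps. The 5- and 6-byte entries in `$boundary` (lead bytes 0xF8–0xFD) are not valid UTF-8 under RFC 3629 and could be dropped so that such input reaches the existing `$len == 0` rejection. The docblock would also benefit from `@param string $jid` and `@return bool|string false when the address is acceptable or empty, 'WRONG_DATA' otherwise`, since the false-means-valid convention is not obvious to a caller.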