diff --git a/core/email_api.php b/core/email_api.php
index b01286e..08f39cc 100644
--- a/core/email_api.php
+++ b/core/email_api.php
@@ -159,49 +159,54 @@ function email_is_valid( $p_email ) {
# Use a regular expression to check to see if the email is in valid format
# x-xx.xxx@yyy.zzz.abc etc.
- if( preg_match( email_get_rfc822_regex(), $p_email, $t_check ) ) {
- $t_local = $t_check[1];
- $t_domain = $t_check[2];
-
- # see if we're limited to one domain
- $t_limit_email_domain = config_get( 'limit_email_domain' );
- if( $t_limit_email_domain !== OFF ) {
- if( 0 != strcasecmp( $t_limit_email_domain, $t_domain ) ) {
- return false;
+ $t_split_emails = split (';', $p_email);
+ foreach($t_split_emails as $t_split_email) {
+ $t_split_email_ok = false;
+ if ( preg_match( email_get_rfc822_regex(), $t_split_email, $t_check ) ) {
+ $t_local = $t_check[1];
+ $t_domain = $t_check[2];
+
+ # see if we're limited to one domain
+ if ( ON == config_get( 'limit_email_domain' ) ) {
+ if ( 0 != strcasecmp( $t_limit_email_domain, $t_domain ) ) {
+ return false;
+ }
}
- }
-
- if( preg_match( '/\\[(\d+)\.(\d+)\.(\d+)\.(\d+)\\]/', $t_domain, $t_check ) ) {
-
+
+ if ( preg_match( '/\\[(\d+)\.(\d+)\.(\d+)\.(\d+)\\]/', $t_domain, $t_check ) ) {
# Handle domain-literals of the form '[1.2.3.4]'
# as long as each segment is less than 255, we're ok
- if( $t_check[1] <= 255 && $t_check[2] <= 255 && $t_check[3] <= 255 && $t_check[4] <= 255 ) {
- return true;
- }
- }
- elseif( ON == config_get( 'check_mx_record' ) ) {
- $temp = '';
-
- # Check for valid mx records
- if( getmxrr( $t_domain, $temp ) ) {
- return true;
- } else {
- $host = $t_domain . '.';
-
- # for no mx record... try dns check
- if( checkdnsrr( $host, 'ANY' ) ) {
- return true;
+ if ( $t_check[1] <= 255 &&
+ $t_check[2] <= 255 &&
+ $t_check[3] <= 255 &&
+ $t_check[4] <= 255 ) {
+ $t_split_email_ok = true;
+ }
+ } else if ( ON == config_get( 'check_mx_record' ) ) {
+ # Check for valid mx records
+ if ( getmxrr( $t_domain, $temp ) ) {
+ $t_split_email_ok = true;
+ } else {
+ $host = $t_domain . '.';
+
+ # for no mx record... try dns check
+ if ( checkdnsrr( $host, 'ANY' ) ) {
+ $t_split_email_ok = true;
+ }
}
+ } else {
+ # Email format was valid but did't check for valid mx records
+ $t_split_email_ok = true;
}
- } else {
-
- # Email format was valid but did't check for valid mx records
- return true;
+ }
+ if ( $t_split_email_ok == false ) {
+ # Everything failed. The email is invalid
+ return false;
}
}
- # Everything failed. The email is invalid
- return false;
+ # all addresses are valid
+ return true;
}
# Check if the email address is valid
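Review bot: The domain restriction is effectively dropped in the rewritten loop: the assignment `$t_limit_email_domain = config_get( 'limit_email_domain' );` was removed, yet `strcasecmp( $t_limit_email_domain, $t_domain )` still reads that variable, and the guard now tests `ON == config_get( 'limit_email_domain' )` where the old code tested `!== OFF`. If the option holds a domain string, as the old comparison suggests, the new guard does not fire and addresses from any domain pass; if it does fire, the comparison is against an undefined variable. Restore the assignment before the loop and keep `if ( $t_limit_email_domain !== OFF ) {`. Separately, `split()` takes a regular expression and is deprecated since PHP 5.3; `explode( ';', $p_email )` does the same job here.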
@@ -821,9 +826,15 @@ function email_send( $p_email_data ) {
if( OFF !== $t_debug_email ) {
$t_message = 'To: ' . $t_recipient . "\n\n" . $t_message;
- $mail->AddAddress( $t_debug_email, '' );
+ $t_split_recipients = split (';', $t_debug_email);
+ foreach($t_split_recipients as $t_split_recipient) {
+ $mail->AddAddress( $t_split_recipient, '' );
+ }
} else {
- $mail->AddAddress( $t_recipient, '' );
+ $t_split_recipients = split (';', $t_recipient);
+ foreach($t_split_recipients as $t_split_recipient) {
+ $mail->AddAddress( $t_split_recipient, '' );
+ }
}
$mail->Subject = $t_subject;
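Review bot: Both branches pass every piece of the `;`-separated string to `AddAddress()` unchanged, so an empty or space-padded entry (a trailing `;`, or a space after the separator) reaches the mailer as-is. Trim and skip blanks inside the loop, e.g. `$t_split_recipient = trim( $t_split_recipient ); if ( '' === $t_split_recipient ) { continue; }`, and prefer `explode( ';', ... )` over the deprecated, regex-based `split()`. The two loops are identical apart from their source string, so choosing the string first and looping once would remove the duplication. email_send's body continues outside the hunk.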
@@ -915,7 +926,8 @@ function make_lf_crlf( $p_string ) {
*/
function email_append_domain( $p_email ) {
# If email is empty or already contains a domain, then return as is.
- if ( is_blank( $p_email ) || strchr( $p_email, '@' ) ) {
+ # If email contains multiple addresses, then return as is.
+ if ( is_blank( $p_email ) || strchr( $p_email, '@' ) || strchr( $p_email, ';' ) ) {
return $p_email;
}
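Review bot: Returning early on any `;` means a list of bare local parts (for example `alice;bob`) never gets the domain appended, while a single `alice` still does, so each list entry goes on to validation without a domain. If lists are meant to work with the limited-domain setup, split first and append the domain per entry; otherwise state the restriction in the comment, e.g. `# Lists of addresses must already carry a domain on every entry.` The rest of the function is outside the hunk, so this is inferred from the guard alone.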
diff --git a/core/print_api.php b/core/print_api.php
index a27a811..487129b 100644
--- a/core/print_api.php
+++ b/core/print_api.php
@@ -193,13 +193,17 @@ function print_user_with_subject( $p_user_id, $p_bug_id ) {
# print out an email editing input
function print_email_input( $p_field_name, $p_email ) {
$t_limit_email_domain = config_get( 'limit_email_domain' );
- if( $t_limit_email_domain ) {
-
- # remove the domain part
- $p_email = eregi_replace( "@$t_limit_email_domain$", '', $p_email );
- echo '@' . $t_limit_email_domain;
+ if( strchr($p_email, ';' ) ) {
+ echo '';
} else {
- echo '';
+ if( $t_limit_email_domain ) {
+
+ # remove the domain part
+ $p_email = eregi_replace( "@$t_limit_email_domain$", '', $p_email );
+ echo '@' . $t_limit_email_domain;
+ } else {
+ echo '';
+ }
}
}
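Review bot: The re-indented `eregi_replace( "@$t_limit_email_domain$", '', $p_email )` interpolates the configured domain into a pattern unquoted, so a `.` in the domain matches any character, and the `ereg` family is deprecated since PHP 5.3. `preg_replace( '/@' . preg_quote( $t_limit_email_domain, '/' ) . '$/i', '', $p_email )` keeps the behaviour with the domain treated literally. The new `;` branch skips the stripping entirely, which deserves a comment such as `# Address lists are shown in full; the domain suffix is not applied.` The `echo ''` strings look emptied on this page, so whether `$p_email` is HTML-escaped on output cannot be judged from here.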
diff --git a/lost_pwd.php b/lost_pwd.php
index c50501e..a3295f7 100644
--- a/lost_pwd.php
+++ b/lost_pwd.php
@@ -45,12 +45,15 @@
$f_email = email_append_domain( $f_email );
email_ensure_valid( $f_email );
+
+ $c_username = db_prepare_string( $f_username );
+ $c_email = db_prepare_string( $f_email );
$t_user_table = db_get_table( 'mantis_user_table' );
/** @todo Consider moving this query to user_api.php */
- $query = 'SELECT id FROM ' . $t_user_table . ' WHERE username = ' . db_param() . ' AND email = ' . db_param() . ' AND enabled=' . db_param();
- $result = db_query_bound( $query, Array( $f_username, $f_email, true ) );
+ $query = 'SELECT id,email FROM ' . $t_user_table . ' WHERE username = \'' . $c_username . '\' AND enabled=1';
+ $result = db_query( $query );
if ( 0 == db_num_rows( $result ) ) {
trigger_error( ERROR_LOST_PASSWORD_NOT_MATCHING_DATA, ERROR );
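Review bot: The lookup moves from `db_query_bound()` with `db_param()` placeholders to a string-built query that depends on `db_prepare_string()` escaping for what appears to be a request-supplied username, which is a weaker guarantee than the bound form it replaces. Dropping the e-mail condition does not require this: `$query = 'SELECT id,email FROM ' . $t_user_table . ' WHERE username = ' . db_param() . ' AND enabled=' . db_param();` with `$result = db_query_bound( $query, Array( $f_username, true ) );` keeps the binding. That also avoids hard-coding `enabled=1`, which the old code passed as a bound `true`. `$c_username` then becomes unnecessary in this query.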
@@ -62,6 +65,17 @@
$row = db_fetch_array( $result );
$t_user_id = $row['id'];
+ $t_split_emails = split (';', $row['email']);
+ $t_email_error = true;
+ foreach($t_split_emails as $t_split_email) {
+ if($c_email == $t_split_email) {
+ $t_email_error = false;
+ break;
+ }
+ }
+ if ($t_email_error) {
+ trigger_error( ERROR_LOST_PASSWORD_NOT_MATCHING_DATA, ERROR );
+ }
if( user_is_protected( $t_user_id ) ) {
trigger_error( ERROR_PROTECTED_ACCOUNT, ERROR );
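Review bot: The match compares `$c_email`, the `db_prepare_string()`-escaped form, against the raw column value, so an address containing any character that escaping alters (an apostrophe, say) can never match; compare the unescaped `$f_email` instead. The `==` test is also case-sensitive and sensitive to stray spaces around `;`, so something like `if ( 0 == strcasecmp( trim( $t_split_email ), $f_email ) ) {` would be closer to how `email_is_valid()` compares domains. The check relies on `trigger_error( ..., ERROR )` halting the request; if that call can return, execution continues past the check with a non-matching address, so confirm the error handler stops the script. The surrounding script continues outside the hunk.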