
View Issue Details

ID: 0012866
Project: phpList 3 application
Category: Subscriber Import
View Status: public
Last Update: 01-11-12 20:40
Status: resolved
Resolution: fixed
Product Version: 2.10.5
Target Version:
Fixed in Version:
Summary: 0012866: Strict format checking of email and other fields prevents numerous imports, possible for mysql injection attacks

Description:
Trying to import a list of 10,000+ users, I have much trouble, 4 hours or so.

I wrote a script in php to parse my list using your pattern:
$pattern =

  if(eregi($pattern, $email))

The trouble I see with this pattern is twofold. First, new TLDs will get added, so you have to release an update too often. Just reduce the test to be domain of 2-4 letters in length.

Second issue is that numerous characters are not valid, such as # , etc. These are RFC valid email chars, even a @ is valid, in that user\ is valid, so long as you escape it, or quote it.

At any rate, just print a message to screen about which lines are in error, and let me go about my import.

Further, ' and " are allowed, both of which will toss SQL errors. While the risk is low, I could potentially cause damage knowing that.

I enjoyed my evening of splitting up a file into 100 line chunks :-)
Tags: No tags attached.



17-03-08 20:24


2.10.6 will have an updated is_email() function. We will do some testing to see if this solves this issue.


18-03-08 00:37

reporter   ~0043004

I would also suggest all variables that are part of an insert be sanitized, a badly formed email address has potential to `drop`
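
The import behaviour asked for in this report (a lenient address check, a message per rejected line, and quotes that cannot reach the SQL text), as an added example that is not part of the original issue and not phpList code. The names `looks_like_email`, `import_emails` and the `subscriber` table are hypothetical, in-memory SQLite via PDO stands in for MySQL, and the top-level label is allowed to be two or more letters rather than the 2-4 suggested above.

```php
<?php
// Added example, not phpList code: lenient check, per-line errors, bound parameters.

// Syntax check without a TLD list: non-empty local part (any characters, so
// '#', quotes etc. pass) and a dotted domain ending in 2+ letters.
function looks_like_email(string $email): bool
{
    $at = strrpos($email, '@');
    if ($at === false || $at === 0) {
        return false;
    }
    $domain = substr($email, $at + 1);
    return preg_match('/^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$/i', $domain) === 1;
}

// Imports every acceptable line; returns [imported count, rejected lines keyed by line number].
function import_emails(PDO $db, array $lines): array
{
    // The bound placeholder keeps ' and " in an address as data, never as SQL text.
    $stmt = $db->prepare('INSERT INTO subscriber (email) VALUES (:email)');
    $imported = 0;
    $rejected = [];
    foreach ($lines as $i => $line) {
        $email = trim($line);
        if (!looks_like_email($email)) {
            $rejected[$i + 1] = $email;
            continue;
        }
        $stmt->execute([':email' => $email]);
        $imported++;
    }
    return [$imported, $rejected];
}

// Constructed sample data; in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscriber (email TEXT NOT NULL)');
$lines = [
    'alice@example.com',
    "o'brien@example.org",
    '"quoted user"@example.net',
    'tag#1@example.museum',
    'not-an-address',
];
[$imported, $rejected] = import_emails($db, $lines);
echo "imported: $imported\n";
foreach ($rejected as $lineNo => $text) {
    echo "line $lineNo rejected: $text\n";
}
```

With the constructed input, the four syntactically acceptable addresses are stored verbatim, including the ones containing `'` and `"`, and only the fifth line is reported as rejected.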