summaryrefslogtreecommitdiff
path: root/program/include/main.inc
diff options
context:
space:
mode:
Diffstat (limited to 'program/include/main.inc')
-rw-r--r--program/include/main.inc11
1 files changed, 7 insertions, 4 deletions
diff --git a/program/include/main.inc b/program/include/main.inc
index 0c83af26b..1947e3573 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -1679,11 +1679,14 @@ function rcube_parse_host($name, $host='')
$h = $_SESSION['imap_host'] ? $_SESSION['imap_host'] : $host;
// %z - IMAP domain without first part, e.g. %h=imap.domain.tld, %z=domain.tld
$z = preg_replace('/^[^\.]+\./', '', $h);
- // %s - domain name after the '@' from e-mail address provided at login screen
- if ( filter_var(get_input_value('_user', RCUBE_INPUT_POST), FILTER_VALIDATE_EMAIL) !== FALSE )
- preg_match('/[^@]+$/', get_input_value('_user', RCUBE_INPUT_POST), $s);
+ // %s - domain name after the '@' from e-mail address provided at login screen. Returns FALSE if an invalid email is provided
+ if ( strpos($name, '%s') !== false ){
+ $user_email = rcube_idn_convert(get_input_value('_user', RCUBE_INPUT_POST), true);
+ if ( preg_match('/(.*)@([a-z0-9\.\-\[\]\:]+)/i', $user_email, $s) < 1 || filter_var($s[1]."@".$s[2], FILTER_VALIDATE_EMAIL) === false )
+ return false;
+ }
- $name = str_replace(array('%n', '%d', '%h', '%z', '%s'), array($n, $d, $h, $z, $s[0]), $name);
+ $name = str_replace(array('%n', '%d', '%h', '%z', '%s'), array($n, $d, $h, $z, $s[2]), $name);
return $name;
}