Validation fail: Email address is allowed
Elijah Lynn - August 29, 2009 - 03:34
| Project: | Link |
| Version: | 6.x-2.6 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
Description
I noticed a user had entered their email address for their website. I proceeded to try and enter mine and it worked no problem.
This should not happen.

#1
Incorrect - an email address is a perfectly reasonable link target. mailto:john@example.com is as valid as http://www.example.com, after all.
#2
The link that shows up is http://www.example.com/user@drupal.org
When clicked it gives a 404.
Is this correct?
#3
Something still isn't right. I just looked at the source code. This module is allowing emails (I'm talking about email addresses, not mailto: URLs) to pass through validation, and then saving them as though they're URLs. Later, it passes all URLs through Drupal's url() function before they end up in the href attribute of A tags. The problem is that an email address (without mailto:) is not a URL (at least, not one that links to an email address in the context of a page). To Drupal's url() function, it looks like a link to a page that happens to have an @ character in its path.
#4
I agree with #3 - I have a link field in a form and some users try to enter an email address. It creates a useless link.
It would be really useful to be able to prevent this through validation.
#5
I was running into similar parsing issues with email addresses not always being detected as such, as well as users who were confused by having to enter "mailto:" first.
The attached patch changes the email address detection from custom regexes inside the link module, to using Drupal core's valid_email_address. This seems to fix some of the detection problems. Then, if needed, in sanitize, it automatically adds mailto: for URLs which are of type LINK_EMAIL (much like http:// is automatically added for URLs that appear to be referencing a root domain).
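
The approach described in #5, sketched as an added example that is not the Link module's code and not the attached patch: classify the input before it is stored, so a bare address becomes a mailto: link and anything unrecognised fails validation. All function and constant names are hypothetical, PHP's filter_var() stands in for Drupal core's valid_email_address(), and internal Drupal paths are left out of scope and rejected here.

```php
<?php
// Added illustration: not the Link module's code and not the attached patch.
// All names below are hypothetical. filter_var() stands in for Drupal core's
// valid_email_address() so the script runs without Drupal.
const EX_EMAIL = 'email';
const EX_EXTERNAL = 'external';
const EX_DOMAIN = 'domain';

function ex_is_email(string $s): bool {
  return filter_var($s, FILTER_VALIDATE_EMAIL) !== FALSE;
}

// Decide what kind of target the user typed, or NULL if it should be rejected.
function ex_classify(string $text): ?string {
  if (stripos($text, 'mailto:') === 0) {
    return ex_is_email(substr($text, 7)) ? EX_EMAIL : NULL;
  }
  // Test for a bare address first, so it can never fall through to path handling.
  if (ex_is_email($text)) {
    return EX_EMAIL;
  }
  if (preg_match('#^https?://[^\s/@]+(/\S*)?$#i', $text)) {
    return EX_EXTERNAL;
  }
  if (preg_match('#^([a-z0-9-]+\.)+[a-z]{2,}(/\S*)?$#i', $text)) {
    return EX_DOMAIN;
  }
  return NULL;
}

// Return the value to store and render, adding the scheme the user left out.
function ex_sanitize(string $text): ?string {
  $text = trim($text);
  switch (ex_classify($text)) {
    case EX_EMAIL:
      return stripos($text, 'mailto:') === 0 ? $text : 'mailto:' . $text;
    case EX_DOMAIN:
      return 'http://' . $text;
    case EX_EXTERNAL:
      return $text;
    default:
      return NULL; // fail validation instead of building a dead link
  }
}

// Constructed sample inputs.
foreach (['user@drupal.org', 'mailto:john@example.com', 'http://www.example.com', 'www.example.com', 'user@@example'] as $in) {
  printf("%-26s => %s\n", $in, var_export(ex_sanitize($in), TRUE));
}
```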