Skip to content

[BUG] Bad email in frontend account register #4681

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
1 task done
3m-abro opened this issue Mar 12, 2025 · 1 comment
Open
1 task done

[BUG] Bad email in frontend account register #4681

3m-abro opened this issue Mar 12, 2025 · 1 comment
Labels
bug review needed Problem should be verified

Comments

@3m-abro
Copy link

3m-abro commented Mar 12, 2025
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Users with Arabic keyboards are getting validation errors because their email addresses contain hidden RTL (Right-to-Left) Unicode characters. These invisible characters are messing up the hostname checks. Below is the stack trace

Array
(
    [type] => 1:E_ERROR
    [message] => Uncaught ValueError: checkdnsrr(): Argument #1 ($hostname) cannot be empty in /var/web/xxxApp/vendor/shardj/zf1-future/library/Zend/Validate/Hostname.php:2446
Stack trace:
#0 /var/web/xxxApp/vendor/shardj/zf1-future/library/Zend/Validate/Hostname.php(2446): checkdnsrr()
#1 /var/web/xxxApp/vendor/shardj/zf1-future/library/Zend/Validate/Hostname.php(2192): Zend_Validate_Hostname->checkDnsRecords()
#2 /var/web/xxxApp/vendor/shardj/zf1-future/library/Zend/Validate/EmailAddress.php(503): Zend_Validate_Hostname->isValid()
#3 /var/web/xxxApp/vendor/shardj/zf1-future/library/Zend/Validate/EmailAddress.php(562): Zend_Validate_EmailAddress->_validateHostnamePart()
#4 /var/web/xxxApp/app/code/core/Mage/Eav/Model/Attribute/Data/Abstract.php(408): Zend_Validate_EmailAddress->isValid()
#5 /var/web/xxxApp/app/code/core/Mage/Eav/Model/Attribute/Data/Text.php(74): Mage_Eav_Model_Attribute_Data_Abstract->_validateInputRule()
#6 /var/web/xxxApp/app/code/core/Mage/Eav/Model/Form.php(372): Mage_Eav_Model_Attribute_Data_Text->validateValue()
#7 /var/web/xxxApp/app/code/core/Mage/Customer/controllers/AccountController.php(421): Mage_Eav_Model_Form->validateData()
#8 /var/web/xxxApp/app/code/core/Mage/Customer/controllers/AccountController.php(293): Mage_Customer_AccountController->_getCustomerErrors()
#9 /var/web/xxxApp/app/code/core/Mage/Core/Controller/Varien/Action.php(419): Mage_Customer_AccountController->createPostAction()
#10 /var/web/xxxApp/app/code/core/Mage/Core/Controller/Varien/Router/Standard.php(255): Mage_Core_Controller_Varien_Action->dispatch()
#11 /var/web/xxxApp/app/code/core/Mage/Core/Controller/Varien/Front.php(181): Mage_Core_Controller_Varien_Router_Standard->match()
#12 /var/web/xxxApp/app/code/core/Mage/Core/Model/App.php(358): Mage_Core_Controller_Varien_Front->dispatch()
#13 /var/web/xxxApp/app/Mage.php(751): Mage_Core_Model_App->run()
#14 /var/web/xxxApp/index.php(68): Mage::run()
#15 {main}
  thrown
    [file] => /var/web/xxxApp/vendor/shardj/zf1-future/library/Zend/Validate/Hostname.php
    [line] => 2446
    [uri] => /customer/account/createpost/
    [user] => apache
    [role] => fpm-fcgi
)

Expected Behavior

Clean the email address before validating.

Steps To Reproduce

Here's how to replicate the RTL email issue:

  1. Using Arabic/RTL Keyboard Setup
1. Enable Arabic keyboard input on your system
2. Open browser's developer tools (F12)
3. Go to your site's registration page
  1. Test Case 1 - Direct RTL Input
1. Fill registration form with:
   - Name: Any name
   - Email: Type "[email protected]" with Arabic keyboard active
   - Other required fields
2. Submit form
3. Expected error: "checkdnsrr(): Argument #1 ($hostname) cannot be empty"
  1. Test Case 2 - Copy/Paste from RTL Source
1. Copy this email: "[email protected][U+202C][U+200F]‬‏"
   (Note: This contains hidden RTL marks)
2. Paste into registration form
3. Submit form
4. Check security.log for: "empty toAscii hostName"
  1. Verify in Logs
1. Check var/log/security.log
2. Look for entries like:
   "empty toAscii hostName: 'gmail.com[U+202C][U+200F]‬‏'"
   
3. Check var/log/system.log for:
   "checkdnsrr(): Argument #1 ($hostname) cannot be empty"
  1. Using Developer Tools
1. Open browser's developer tools
2. Go to Network tab
3. Submit form
4. Look for the failed request
5. Check request payload - you'll see the hidden RTL characters in the email

Real examples from your logs:

Email with RTL marks: [email protected][U+202C][U+200F]‬‏
Email with RTL marks: [U+202C][U+200F]‏‪[email protected][U+202C][U+200F]‬‏‬‏‬‏

Environment

- OpenMage:
- php:

Anything else?

No response
@3m-abro 3m-abro added bug review needed Problem should be verified labels Mar 12, 2025
@addison74
Copy link
Contributor

From what I can see, the error comes from ZF1-Future library. Maybe it's more appropriate to report it there.

@sreichel sreichel mentioned this issue Mar 13, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug review needed Problem should be verified
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@addison74 @3m-abro