fix: validate email is not empty and has valid format on registration #1148
- Add empty check for email field using filter_var(FILTER_VALIDATE_EMAIL)
- Add language constants MSG_CANNOT_EMPTY and MSG_WRONG_FORMAT
- Fixes #1140: Email validation was only checking length, not format or emptiness
Pull request overview
Fixes registration email validation so users can’t register with an empty or malformed email address, addressing issue #1140.
Changes:
- Add server-side checks for empty email and invalid email format in register.php.
- Switch email length validation to use the trimmed $email variable.
- Add two new i18n message strings for the new validation errors in CN/EN language packs.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| trunk/web/register.php | Adds empty + format validation for email during registration and updates length check to use $email. |
| trunk/web/lang/en.php | Introduces new message keys for “cannot be empty” and “invalid format”. |
| trunk/web/lang/cn.php | Introduces new message keys for “不能为空” and “格式错误”. |
| // 验证邮箱是否为空 | ||
| if ($email === '') { | ||
| $err_str = $err_str . "$MSG_EMAIL $MSG_CANNOT_EMPTY!\\n"; | ||
| $err_cnt++; | ||
| } | ||
|
|
||
| // 验证邮箱格式是否合法 | ||
| if ($email !== '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) { | ||
| $err_str = $err_str . "$MSG_EMAIL $MSG_WRONG_FORMAT!\\n"; | ||
| $err_cnt++; |
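Review bot: the format check `if ($email !== '' && !filter_var($email, FILTER_VALIDATE_EMAIL))` should not be relied on as sanitisation. FILTER_VALIDATE_EMAIL accepts characters such as `'` in the local part, so `$email` still needs a parameterised query and output escaping wherever it is used after this block, which these lines do not show. The `$email !== ''` guard also repeats the condition of the preceding `if`; writing the format check as an `elseif` of the empty check would state it once.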
$MSG_CANNOT_EMPTY / $MSG_WRONG_FORMAT are new message keys, but they’re only added to lang/en.php and lang/cn.php. If $OJ_LANG is set to any other language pack, these variables will be undefined and the registration error text will be incomplete (and may emit PHP notices). Please add these keys to all language files, or provide a safe fallback (e.g., defaulting to English strings when the variables are unset).
Applied in commit that adds $MSG_CANNOT_EMPTY and $MSG_WRONG_FORMAT to all 9 remaining language files (bo, cnt, fa, he, ko, mn, ru, th, ug). Languages with existing native translations got proper localized strings (cnt: Traditional Chinese, ko: Korean, mn: Mongolian, ru: Russian, he: Hebrew, ug: Uyghur); English fallbacks are used for bo/fa/th which already use English for many untranslated keys. Also fixed $_POST['email'] to use the null-coalescing operator (?? '') for PHP 8+ compatibility.
| // 验证邮箱是否为空 | ||
| if ($email === '') { | ||
| $err_str = $err_str . "$MSG_EMAIL $MSG_CANNOT_EMPTY!\\n"; | ||
| $err_cnt++; |
These checks assume $email is always a string, but earlier it’s populated via trim($_POST['email']) without a default. Under PHP 8+, a missing email field can raise an undefined index warning and then a TypeError in trim(). Consider reading it as trim($_POST['email'] ?? '') (and similarly for other required fields) so the new empty/format validation runs instead of fatalling.
Fix Email Validation on Registration
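Problem
During registration, register.php only checked the email length and did not check: as a result, an empty email or an email with an invalid format could be registered.
Fix
Files involved
- register.php: core fix
- lang/cn.php: adds $MSG_CANNOT_EMPTY and $MSG_WRONG_FORMAT
- lang/en.php: adds the English strings
Fix verification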
Fixes #1140
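
The checks this pull request describes, gathered into one function as an added example (not code from the pull request or from register.php); the function name, the error codes and the 100-character limit are assumptions. It goes one step beyond the `?? ''` default discussed in the review: an `email[]=` parameter arrives as an array, which the default alone does not turn into a string.

```php
<?php
// Added example: function name, error codes and the 100-character limit
// are assumptions, not taken from register.php.

/**
 * Validate the e-mail field of a registration POST body.
 * Returns a list of error codes; an empty list means the value passed.
 */
function check_registration_email(array $post, int $maxLen = 100): array
{
    $raw = $post['email'] ?? '';

    // email[]=x arrives as an array and trim() throws a TypeError on PHP 8,
    // so anything that is not a string is treated as an empty submission.
    $email = is_string($raw) ? trim($raw) : '';

    if ($email === '') {
        return ['empty'];
    }

    $errors = [];
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'format';
    }
    if (strlen($email) > $maxLen) {
        $errors[] = 'length';
    }
    return $errors;
}

// Constructed sample requests, not real traffic.
$samples = [
    'missing field' => [],
    'array value'   => ['email' => ['alice@example.com']],
    'whitespace'    => ['email' => "  \t "],
    'no domain'     => ['email' => 'alice@'],
    'valid'         => ['email' => ' alice@example.com '],
    // Syntactically valid, so it passes: validation is not escaping.
    'apostrophe'    => ['email' => "o'brien@example.com"],
];

foreach ($samples as $label => $post) {
    $errors = check_registration_email($post);
    printf("%-14s %s\n", $label, $errors ? implode(',', $errors) : 'ok');
}
```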