[wp-trac] [WordPress Trac] #25319: Preg_match() in class-phpmailer.php is causing timeout

WordPress Trac noreply at wordpress.org
Sat Sep 14 18:06:35 UTC 2013


#25319: Preg_match() in class-phpmailer.php is causing timeout
--------------------------------+------------------------------
 Reporter:  nicktc              |       Owner:
     Type:  defect (bug)        |      Status:  new
 Priority:  normal              |   Milestone:  Awaiting Review
Component:  External Libraries  |     Version:  3.6.1
 Severity:  normal              |  Resolution:
 Keywords:  needs-patch         |
--------------------------------+------------------------------
Description changed by ocean90:

Old description:

> Hi,
>
> I tried to send an email via contact form 7 plugin. This wasn't working,
> so I debugged it. Found out that the actual problem is in the core, as I
> believe wp-includes/class-phpmailer.php is a core file.
>
> On line 737 it's executing a preg_match to validate the address, but
> while doing it it's timing out (more than 30 secs). Seems like an error
> perhaps in the regular expression. Or it must be a server thing, but I
> can't imagine that.
>
> Line 737:
>
> return preg_match('/^(?!(?>(?1)"?(?>\\\[
> -~]|[^"])"?(?1)){255,})(?!(?>(?1)"?(?>\\\[
> -~]|[^"])"?(?1)){65,}@)((?>(?>(?>((?>(?>(?>\x0D\x0A)?[       ])+|(?>[
> ]*\x0D\x0A)?[
> ]+)?)(\((?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-\'*-\[\]-\x7F]|\\\[\x00-\x7F]|(?3)))*(?2)\)))+(?2))|(?2))?)([!#-\'*+\/-9=?^-~-]+|"(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\x7F]))*(?2)")(?>(?1)\.(?1)(?4))*(?1)@(?!(?1)[a-z0-9-]{64,})(?1)(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)(?>(?1)\.(?!(?1)[a-z0-9-]{64,})(?1)(?5)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?6)){7}|(?!(?:.*[a-f0-9][:\]]){7,})((?6)(?>:(?6)){0,5})?::(?7)?))|(?>(?>IPv6:(?>(?6)(?>:(?6)){5}:|(?!(?:.*[a-f0-9]:){5,})(?8)?::(?>((?6)(?>:(?6)){0,3}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?>\.(?9)){3}))\])(?1)$/isD',
> $address);
>
> I also tested this defect with a simple file like this:
>
> <?php
>
> $address = "username@email.com";
> var_dump(preg_match('/^(?!(?>(?1)"?(?>\\\[
> -~]|[^"])"?(?1)){255,})(?!(?>(?1)"?(?>\\\[
> -~]|[^"])"?(?1)){65,}@)((?>(?>(?>((?>(?>(?>\x0D\x0A)?[     ])+|(?>[
> ]*\x0D\x0A)?[
> ]+)?)(\((?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-\'*-\[\]-\x7F]|\\\[\x00-\x7F]|(?3)))*(?2)\)))+(?2))|(?2))?)([!#-\'*+\/-9=?^-~-]+|"(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\x7F]))*(?2)")(?>(?1)\.(?1)(?4))*(?1)@(?!(?1)[a-z0-9-]{64,})(?1)(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)(?>(?1)\.(?!(?1)[a-z0-9-]{64,})(?1)(?5)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?6)){7}|(?!(?:.*[a-f0-9][:\]]){7,})((?6)(?>:(?6)){0,5})?::(?7)?))|(?>(?>IPv6:(?>(?6)(?>:(?6)){5}:|(?!(?:.*[a-f0-9]:){5,})(?8)?::(?>((?6)(?>:(?6)){0,3}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?>\.(?9)){3}))\])(?1)$/isD',
> $address));
>
> ?>
>
> You will see that it takes a lot of time, or even exceeds the maximum
> execution time.

New description:

 Hi,

 I tried to send an email via contact form 7 plugin. This wasn't working,
 so I debugged it. Found out that the actual problem is in the core, as I
 believe wp-includes/class-phpmailer.php is a core file.

 On line 737 it's executing a preg_match to validate the address, but while
 doing it it's timing out (more than 30 secs). Seems like an error perhaps
 in the regular expression. Or it must be a server thing, but I can't
 imagine that.

 Line 737:


 {{{
 return preg_match('/^(?!(?>(?1)"?(?>\\\[
 -~]|[^"])"?(?1)){255,})(?!(?>(?1)"?(?>\\\[
 -~]|[^"])"?(?1)){65,}@)((?>(?>(?>((?>(?>(?>\x0D\x0A)?[       ])+|(?>[
 ]*\x0D\x0A)?[
 ]+)?)(\((?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-\'*-\[\]-\x7F]|\\\[\x00-\x7F]|(?3)))*(?2)\)))+(?2))|(?2))?)([!#-\'*+\/-9=?^-~-]+|"(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\x7F]))*(?2)")(?>(?1)\.(?1)(?4))*(?1)@(?!(?1)[a-z0-9-]{64,})(?1)(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)(?>(?1)\.(?!(?1)[a-z0-9-]{64,})(?1)(?5)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?6)){7}|(?!(?:.*[a-f0-9][:\]]){7,})((?6)(?>:(?6)){0,5})?::(?7)?))|(?>(?>IPv6:(?>(?6)(?>:(?6)){5}:|(?!(?:.*[a-f0-9]:){5,})(?8)?::(?>((?6)(?>:(?6)){0,3}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?>\.(?9)){3}))\])(?1)$/isD',
 $address);
 }}}


 I also tested this defect with a simple file like this:


 {{{
 <?php

 $address = "username@email.com";
 var_dump(preg_match('/^(?!(?>(?1)"?(?>\\\[
 -~]|[^"])"?(?1)){255,})(?!(?>(?1)"?(?>\\\[
 -~]|[^"])"?(?1)){65,}@)((?>(?>(?>((?>(?>(?>\x0D\x0A)?[     ])+|(?>[
 ]*\x0D\x0A)?[
 ]+)?)(\((?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-\'*-\[\]-\x7F]|\\\[\x00-\x7F]|(?3)))*(?2)\)))+(?2))|(?2))?)([!#-\'*+\/-9=?^-~-]+|"(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\x7F]))*(?2)")(?>(?1)\.(?1)(?4))*(?1)@(?!(?1)[a-z0-9-]{64,})(?1)(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)(?>(?1)\.(?!(?1)[a-z0-9-]{64,})(?1)(?5)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?6)){7}|(?!(?:.*[a-f0-9][:\]]){7,})((?6)(?>:(?6)){0,5})?::(?7)?))|(?>(?>IPv6:(?>(?6)(?>:(?6)){5}:|(?!(?:.*[a-f0-9]:){5,})(?8)?::(?>((?6)(?>:(?6)){0,3}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?>\.(?9)){3}))\])(?1)$/isD',
 $address));

 ?>
 }}}


 You will see that it takes a lot of time, or even exceeds the maximum
 execution time.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/25319#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
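
The ticket above reports a `preg_match()` call in address validation running past the execution time limit. As an added example (not WordPress or PHPMailer code), one defensive pattern is to cap PCRE's backtracking for that call, check `preg_last_error()`, and fall back to `filter_var()` when the match is aborted. `bounded_preg_match()` and `is_valid_address()` are hypothetical helpers, and the demo patterns and inputs are constructed.

```php
<?php
// Added example, not WordPress or PHPMailer code. Helper names are hypothetical;
// the demo patterns and inputs at the bottom are constructed.

function bounded_preg_match(string $pattern, string $subject, int $limit = 100000): array
{
    // Lower PCRE's limit so a pathological match aborts early instead of
    // running until max_execution_time. JIT is turned off for this call so
    // the backtrack limit behaves consistently across builds.
    $old = [
        'pcre.jit'             => ini_set('pcre.jit', '0'),
        'pcre.backtrack_limit' => ini_set('pcre.backtrack_limit', (string) $limit),
    ];

    $start  = microtime(true);
    $result = @preg_match($pattern, $subject);
    $ms     = (microtime(true) - $start) * 1000;
    $error  = preg_last_error();

    foreach ($old as $key => $value) {      // restore previous settings
        if ($value !== false) {
            ini_set($key, $value);
        }
    }

    return [
        'matched' => $result === 1,
        'aborted' => $result === false,     // PCRE gave up or the pattern failed
        'error'   => $error,                // e.g. PREG_BACKTRACK_LIMIT_ERROR
        'ms'      => round($ms, 2),
    ];
}

function is_valid_address(string $pattern, string $address): bool
{
    $r = bounded_preg_match($pattern, $address);
    if ($r['aborted']) {
        // Design choice for this example: log and fall back to PHP's built-in
        // validator instead of hanging the request.
        error_log("address regex aborted, preg_last_error={$r['error']}");
        return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
    }
    return $r['matched'];
}

// Constructed demo: nested quantifiers against a non-matching input.
var_dump(bounded_preg_match('/^(a+)+$/', str_repeat('a', 30) . 'b'));
var_dump(is_valid_address('/^[^@\s]+@[^@\s]+$/D', 'username@email.com'));
```

Logging the `ms` and `error` fields per call also shows whether a slow validation comes from the pattern itself or from the server, which is the question the reporter raises.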