[wp-trac] [WordPress Trac] #25319: Preg_match() in class-phpmailer.php is causing timeout
WordPress Trac
noreply at wordpress.org
Sat Sep 14 17:00:44 UTC 2013
#25319: Preg_match() in class-phpmailer.php is causing timeout
--------------------------+-----------------------------
Reporter: nicktc | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Mail | Version: 3.6.1
Severity: normal | Keywords: needs-patch
--------------------------+-----------------------------
Hi,
I tried to send an email via contact form 7 plugin. This wasn't working,
so I debugged it. Found out that the actual problem is in the core, as I
believe wp-includes/class-phpmailer.php is a core file.
On line 737 it's executing a preg_match to validate the address, but while
doing it it's timing out (more than 30 secs). Seems like an error perhaps
in the regular expression. Or it must be a server thing, but I can't
imagine that.
Line 737:
return preg_match('/^(?!(?>(?1)"?(?>\\\[
-~]|[^"])"?(?1)){255,})(?!(?>(?1)"?(?>\\\[
-~]|[^"])"?(?1)){65,}@)((?>(?>(?>((?>(?>(?>\x0D\x0A)?[ ])+|(?>[
]*\x0D\x0A)?[
]+)?)(\((?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-\'*-\[\]-\x7F]|\\\[\x00-\x7F]|(?3)))*(?2)\)))+(?2))|(?2))?)([!#-\'*+\/-9=?^-~-]+|"(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\x7F]))*(?2)")(?>(?1)\.(?1)(?4))*(?1)@(?!(?1)[a-z0-9-]{64,})(?1)(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)(?>(?1)\.(?!(?1)[a-z0-9-]{64,})(?1)(?5)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?6)){7}|(?!(?:.*[a-f0-9][:\]]){7,})((?6)(?>:(?6)){0,5})?::(?7)?))|(?>(?>IPv6:(?>(?6)(?>:(?6)){5}:|(?!(?:.*[a-f0-9]:){5,})(?8)?::(?>((?6)(?>:(?6)){0,3}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?>\.(?9)){3}))\])(?1)$/isD',
$address);
I also tested this defect with a simple file like this:
<?php
$address = "username@email.com";
var_dump(preg_match('/^(?!(?>(?1)"?(?>\\\[
-~]|[^"])"?(?1)){255,})(?!(?>(?1)"?(?>\\\[
-~]|[^"])"?(?1)){65,}@)((?>(?>(?>((?>(?>(?>\x0D\x0A)?[ ])+|(?>[
]*\x0D\x0A)?[
]+)?)(\((?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-\'*-\[\]-\x7F]|\\\[\x00-\x7F]|(?3)))*(?2)\)))+(?2))|(?2))?)([!#-\'*+\/-9=?^-~-]+|"(?>(?2)(?>[\x01-\x08\x0B\x0C\x0E-!#-\[\]-\x7F]|\\\[\x00-\x7F]))*(?2)")(?>(?1)\.(?1)(?4))*(?1)@(?!(?1)[a-z0-9-]{64,})(?1)(?>([a-z0-9](?>[a-z0-9-]*[a-z0-9])?)(?>(?1)\.(?!(?1)[a-z0-9-]{64,})(?1)(?5)){0,126}|\[(?:(?>IPv6:(?>([a-f0-9]{1,4})(?>:(?6)){7}|(?!(?:.*[a-f0-9][:\]]){7,})((?6)(?>:(?6)){0,5})?::(?7)?))|(?>(?>IPv6:(?>(?6)(?>:(?6)){5}:|(?!(?:.*[a-f0-9]:){5,})(?8)?::(?>((?6)(?>:(?6)){0,3}):)?))?(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])(?>\.(?9)){3}))\])(?1)$/isD',
$address));
?>
You will see that it takes a lot of time, or even exceeds the maximum
execution time.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25319>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
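
Added example, not part of the ticket and not WordPress or PHPMailer code: one way a caller can keep an address-validation regex from running into the execution time limit, assuming the hang comes from excessive backtracking (the ticket does not confirm the cause). The function names, the length cap, the lowered limit and the stand-in pattern are hypothetical; the ticket's own pattern is not reused because the archive has line-wrapped it.

```php
<?php
const MAX_ADDRESS_LENGTH = 254;        // assumption: cap chosen for this sketch
const REGEX_BACKTRACK_LIMIT = '100000'; // assumption: lower than PHP's default

/**
 * Returns true/false for match/no match, or null when PCRE gave up,
 * so the caller can tell "invalid address" from "could not decide".
 */
function validate_address_bounded(string $address, string $pattern): ?bool
{
    // Cheap checks first: never hand empty or oversized input to the regex.
    if ($address === '' || strlen($address) > MAX_ADDRESS_LENGTH) {
        return false;
    }

    // Bound the work PCRE may do, then restore the previous setting.
    $old = ini_set('pcre.backtrack_limit', REGEX_BACKTRACK_LIMIT);
    $result = preg_match($pattern, $address);
    $error = preg_last_error();
    if ($old !== false) {
        ini_set('pcre.backtrack_limit', $old);
    }

    // preg_match() returns false on an engine error and 0 on "no match".
    if ($result === false) {
        error_log(sprintf('address regex aborted: preg_last_error=%d, length=%d',
            $error, strlen($address)));
        return null;
    }
    return $result === 1;
}

function validate_address(string $address, string $pattern): bool
{
    $verdict = validate_address_bounded($address, $pattern);
    if ($verdict === null) {
        // Regex could not decide: fall back to PHP's built-in validator.
        return filter_var($address, FILTER_VALIDATE_EMAIL) !== false;
    }
    return $verdict;
}

// Constructed demo: a stand-in pattern with nested quantifiers and a
// constructed subject that forces heavy backtracking before failing.
$standIn = '/^(?:\D+|<\d+>)*[!?]$/';
var_dump(validate_address_bounded('foobar foobar foobar', $standIn));
var_dump(validate_address('username@email.com', $standIn));
```

Logging the `preg_last_error()` code and the input length, rather than the address itself, gives operations a signal for regex aborts without writing user data to the log.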