Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).

2 files changed, 3 insertions, 3 deletions

diff --git a/NEWS b/NEWS
index 2f06f752d2..0f4b9201a3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,10 +1,10 @@
 PHP                                                                        NEWS
 |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 0? Sep 2009, PHP 5.2.11
-- Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo)
+- Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters).
 - Fixed bug #49447 (php engine needs to correctly check for socket API return
   status on windows). (Sriram Natarajan)
-
+- Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo)
 
 03 Sep 2009, PHP 5.2.11RC2
 - Added missing sanity checks around exif processing. (Ilia)
diff --git a/ext/filter/sanitizing_filters.c b/ext/filter/sanitizing_filters.c
index 24eafd13da..cdfe08c29b 100644
--- a/ext/filter/sanitizing_filters.c
+++ b/ext/filter/sanitizing_filters.c
@@ -275,7 +275,7 @@ void php_filter_unsafe_raw(PHP_INPUT_FILTER_PARAM_DECL)
 void php_filter_email(PHP_INPUT_FILTER_PARAM_DECL)
 {
 	/* Check section 6 of rfc 822 http://www.faqs.org/rfcs/rfc822.html */
-	const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-/=?^_`{|}~@.[]";
+	const unsigned char allowed_list[] = LOWALPHA HIALPHA DIGIT "!#$%&'*+-=?^_`{|}~@.[]";
 	filter_map     map;
 
 	filter_map_init(&map);