mirror of
https://github.com/go-gitea/gitea
synced 2025-01-18 08:07:43 +01:00
Make e-mail sanity check more precise (#20991)
For security reasons, all e-mail addresses starting with non-alphanumeric characters were rejected. This is too broad and rejects perfectly valid e-mail addresses. Only leading hyphens should be rejected -- in all other cases e-mail address specification should follow RFC 5322. Co-authored-by: Andreas Fischer <_@ndreas.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
parent
b5a54f03a2
commit
9862936ed3
@ -41,6 +41,7 @@ func (err ErrEmailCharIsNotSupported) Error() string {
|
||||
}
|
||||
|
||||
// ErrEmailInvalid represents an error where the email address does not comply with RFC 5322
|
||||
// or has a leading '-' character
|
||||
type ErrEmailInvalid struct {
|
||||
Email string
|
||||
}
|
||||
@ -134,9 +135,7 @@ func ValidateEmail(email string) error {
|
||||
return ErrEmailCharIsNotSupported{email}
|
||||
}
|
||||
|
||||
if !(email[0] >= 'a' && email[0] <= 'z') &&
|
||||
!(email[0] >= 'A' && email[0] <= 'Z') &&
|
||||
!(email[0] >= '0' && email[0] <= '9') {
|
||||
if email[0] == '-' {
|
||||
return ErrEmailInvalid{email}
|
||||
}
|
||||
|
||||
|
@ -281,23 +281,25 @@ func TestEmailAddressValidate(t *testing.T) {
|
||||
`first~last@iana.org`: nil,
|
||||
`first;last@iana.org`: user_model.ErrEmailCharIsNotSupported{`first;last@iana.org`},
|
||||
".233@qq.com": user_model.ErrEmailInvalid{".233@qq.com"},
|
||||
"!233@qq.com": user_model.ErrEmailInvalid{"!233@qq.com"},
|
||||
"#233@qq.com": user_model.ErrEmailInvalid{"#233@qq.com"},
|
||||
"$233@qq.com": user_model.ErrEmailInvalid{"$233@qq.com"},
|
||||
"%233@qq.com": user_model.ErrEmailInvalid{"%233@qq.com"},
|
||||
"&233@qq.com": user_model.ErrEmailInvalid{"&233@qq.com"},
|
||||
"'233@qq.com": user_model.ErrEmailInvalid{"'233@qq.com"},
|
||||
"*233@qq.com": user_model.ErrEmailInvalid{"*233@qq.com"},
|
||||
"+233@qq.com": user_model.ErrEmailInvalid{"+233@qq.com"},
|
||||
"/233@qq.com": user_model.ErrEmailInvalid{"/233@qq.com"},
|
||||
"=233@qq.com": user_model.ErrEmailInvalid{"=233@qq.com"},
|
||||
"?233@qq.com": user_model.ErrEmailInvalid{"?233@qq.com"},
|
||||
"^233@qq.com": user_model.ErrEmailInvalid{"^233@qq.com"},
|
||||
"`233@qq.com": user_model.ErrEmailInvalid{"`233@qq.com"},
|
||||
"{233@qq.com": user_model.ErrEmailInvalid{"{233@qq.com"},
|
||||
"|233@qq.com": user_model.ErrEmailInvalid{"|233@qq.com"},
|
||||
"}233@qq.com": user_model.ErrEmailInvalid{"}233@qq.com"},
|
||||
"~233@qq.com": user_model.ErrEmailInvalid{"~233@qq.com"},
|
||||
"!233@qq.com": nil,
|
||||
"#233@qq.com": nil,
|
||||
"$233@qq.com": nil,
|
||||
"%233@qq.com": nil,
|
||||
"&233@qq.com": nil,
|
||||
"'233@qq.com": nil,
|
||||
"*233@qq.com": nil,
|
||||
"+233@qq.com": nil,
|
||||
"-233@qq.com": user_model.ErrEmailInvalid{"-233@qq.com"},
|
||||
"/233@qq.com": nil,
|
||||
"=233@qq.com": nil,
|
||||
"?233@qq.com": nil,
|
||||
"^233@qq.com": nil,
|
||||
"_233@qq.com": nil,
|
||||
"`233@qq.com": nil,
|
||||
"{233@qq.com": nil,
|
||||
"|233@qq.com": nil,
|
||||
"}233@qq.com": nil,
|
||||
"~233@qq.com": nil,
|
||||
";233@qq.com": user_model.ErrEmailCharIsNotSupported{";233@qq.com"},
|
||||
"Foo <foo@bar.com>": user_model.ErrEmailCharIsNotSupported{"Foo <foo@bar.com>"},
|
||||
string([]byte{0xE2, 0x84, 0xAA}): user_model.ErrEmailCharIsNotSupported{string([]byte{0xE2, 0x84, 0xAA})},
|
||||
|
Loading…
x
Reference in New Issue
Block a user