	Make e-mail sanity check more precise (#20991)
For security reasons, all e-mail addresses starting with non-alphanumeric characters were rejected. This is too broad and rejects perfectly valid e-mail addresses. Only leading hyphens should be rejected -- in all other cases e-mail address specification should follow RFC 5322. Co-authored-by: Andreas Fischer <_@ndreas.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
							parent
							
								
									b5a54f03a2
								
							
						
					
					
						commit
						9862936ed3
					
				| @ -41,6 +41,7 @@ func (err ErrEmailCharIsNotSupported) Error() string { | |||||||
| } | } | ||||||
| 
 | 
 | ||||||
| // ErrEmailInvalid represents an error where the email address does not comply with RFC 5322 | // ErrEmailInvalid represents an error where the email address does not comply with RFC 5322 | ||||||
|  | // or has a leading '-' character | ||||||
| type ErrEmailInvalid struct { | type ErrEmailInvalid struct { | ||||||
| 	Email string | 	Email string | ||||||
| } | } | ||||||
| @ -134,9 +135,7 @@ func ValidateEmail(email string) error { | |||||||
| 		return ErrEmailCharIsNotSupported{email} | 		return ErrEmailCharIsNotSupported{email} | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	if !(email[0] >= 'a' && email[0] <= 'z') && | 	if email[0] == '-' { | ||||||
| 		!(email[0] >= 'A' && email[0] <= 'Z') && |  | ||||||
| 		!(email[0] >= '0' && email[0] <= '9') { |  | ||||||
| 		return ErrEmailInvalid{email} | 		return ErrEmailInvalid{email} | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
|  | |||||||
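Review bot: The new `if email[0] == '-'` guard in ValidateEmail has no comment saying why a leading hyphen is singled out, so a later cleanup could drop it as redundant with the RFC 5322 check. The commit message only says "for security reasons"; presumably the concern is that an address starting with '-' can be read as an option when it is passed as an argument to an external mail program, which should be confirmed and then stated in the code. I would add above the check something like `// Reject a leading '-': a mailer that receives the address as an argument could interpret it as a command-line option.` Callers that hand addresses to an external command should still place them after a `--` separator rather than rely on this check alone. ValidateEmail starts and ends outside the hunk, so the length check that makes `email[0]` safe is not visible here and is worth confirming.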
| @ -281,23 +281,25 @@ func TestEmailAddressValidate(t *testing.T) { | |||||||
| 		`first~last@iana.org`:            nil, | 		`first~last@iana.org`:            nil, | ||||||
| 		`first;last@iana.org`:            user_model.ErrEmailCharIsNotSupported{`first;last@iana.org`}, | 		`first;last@iana.org`:            user_model.ErrEmailCharIsNotSupported{`first;last@iana.org`}, | ||||||
| 		".233@qq.com":                    user_model.ErrEmailInvalid{".233@qq.com"}, | 		".233@qq.com":                    user_model.ErrEmailInvalid{".233@qq.com"}, | ||||||
| 		"!233@qq.com":                    user_model.ErrEmailInvalid{"!233@qq.com"}, | 		"!233@qq.com":                    nil, | ||||||
| 		"#233@qq.com":                    user_model.ErrEmailInvalid{"#233@qq.com"}, | 		"#233@qq.com":                    nil, | ||||||
| 		"$233@qq.com":                    user_model.ErrEmailInvalid{"$233@qq.com"}, | 		"$233@qq.com":                    nil, | ||||||
| 		"%233@qq.com":                    user_model.ErrEmailInvalid{"%233@qq.com"}, | 		"%233@qq.com":                    nil, | ||||||
| 		"&233@qq.com":                    user_model.ErrEmailInvalid{"&233@qq.com"}, | 		"&233@qq.com":                    nil, | ||||||
| 		"'233@qq.com":                    user_model.ErrEmailInvalid{"'233@qq.com"}, | 		"'233@qq.com":                    nil, | ||||||
| 		"*233@qq.com":                    user_model.ErrEmailInvalid{"*233@qq.com"}, | 		"*233@qq.com":                    nil, | ||||||
| 		"+233@qq.com":                    user_model.ErrEmailInvalid{"+233@qq.com"}, | 		"+233@qq.com":                    nil, | ||||||
| 		"/233@qq.com":                    user_model.ErrEmailInvalid{"/233@qq.com"}, | 		"-233@qq.com":                    user_model.ErrEmailInvalid{"-233@qq.com"}, | ||||||
| 		"=233@qq.com":                    user_model.ErrEmailInvalid{"=233@qq.com"}, | 		"/233@qq.com":                    nil, | ||||||
| 		"?233@qq.com":                    user_model.ErrEmailInvalid{"?233@qq.com"}, | 		"=233@qq.com":                    nil, | ||||||
| 		"^233@qq.com":                    user_model.ErrEmailInvalid{"^233@qq.com"}, | 		"?233@qq.com":                    nil, | ||||||
| 		"`233@qq.com":                    user_model.ErrEmailInvalid{"`233@qq.com"}, | 		"^233@qq.com":                    nil, | ||||||
| 		"{233@qq.com":                    user_model.ErrEmailInvalid{"{233@qq.com"}, | 		"_233@qq.com":                    nil, | ||||||
| 		"|233@qq.com":                    user_model.ErrEmailInvalid{"|233@qq.com"}, | 		"`233@qq.com":                    nil, | ||||||
| 		"}233@qq.com":                    user_model.ErrEmailInvalid{"}233@qq.com"}, | 		"{233@qq.com":                    nil, | ||||||
| 		"~233@qq.com":                    user_model.ErrEmailInvalid{"~233@qq.com"}, | 		"|233@qq.com":                    nil, | ||||||
|  | 		"}233@qq.com":                    nil, | ||||||
|  | 		"~233@qq.com":                    nil, | ||||||
| 		";233@qq.com":                    user_model.ErrEmailCharIsNotSupported{";233@qq.com"}, | 		";233@qq.com":                    user_model.ErrEmailCharIsNotSupported{";233@qq.com"}, | ||||||
| 		"Foo <foo@bar.com>":              user_model.ErrEmailCharIsNotSupported{"Foo <foo@bar.com>"}, | 		"Foo <foo@bar.com>":              user_model.ErrEmailCharIsNotSupported{"Foo <foo@bar.com>"}, | ||||||
| 		string([]byte{0xE2, 0x84, 0xAA}): user_model.ErrEmailCharIsNotSupported{string([]byte{0xE2, 0x84, 0xAA})}, | 		string([]byte{0xE2, 0x84, 0xAA}): user_model.ErrEmailCharIsNotSupported{string([]byte{0xE2, 0x84, 0xAA})}, | ||||||
|  | |||||||
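Review bot: The table in TestEmailAddressValidate now has exactly one input that exercises the leading-hyphen rule, `-233@qq.com`, and nothing visible in this hunk pins that a hyphen elsewhere in the address is still accepted. Since that rule is the only security-motivated check left on the first character, I would add two constructed cases: an accepted one with a non-leading hyphen, `"2-33@qq.com": nil,`, and a rejected one where the hyphen is the whole local part, `"-@qq.com": user_model.ErrEmailInvalid{"-@qq.com"},`. The map literal begins above the hunk, so equivalent cases may already exist there.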