luckyimnotanigger/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-05-31 20:02:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Make e-mail sanity check more precise (#20991)

Browse source 
For security reasons, all e-mail addresses starting with
non-alphanumeric characters were rejected. This is too broad and rejects
perfectly valid e-mail addresses. Only leading hyphens should be
rejected -- in all other cases e-mail address specification should
follow RFC 5322.

Co-authored-by: Andreas Fischer <_@ndreas.de>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This commit is contained in:
Andreas Fischer 2022-10-12 04:44:09 +02:00 committed by GitHub
parent b5a54f03a2
commit 9862936ed3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

5
models/user/email_address.go
View file

@ -41,6 +41,7 @@ func (err ErrEmailCharIsNotSupported) Error() string {
}
// ErrEmailInvalid represents an error where the email address does not comply with RFC 5322
// or has a leading '-' character
type ErrEmailInvalid struct {
Email string
}
@ -134,9 +135,7 @@ func ValidateEmail(email string) error {
return ErrEmailCharIsNotSupported{email}
}
if !(email[0] >= 'a' && email[0] <= 'z') &&
!(email[0] >= 'A' && email[0] <= 'Z') &&
!(email[0] >= '0' && email[0] <= '9') {
if email[0] == '-' {
return ErrEmailInvalid{email}
}