FIX: Don't allow invalid email to be saved.

app/models/email_change_request.rb

@@ -1,6 +1,12 @@
+require_dependency 'email_validator'
+
 class EmailChangeRequest < ActiveRecord::Base
   belongs_to :old_email_token, class_name: 'EmailToken'
   belongs_to :new_email_token, class_name: 'EmailToken'
+  belongs_to :user
+
+  validates :old_email, presence: true
+  validates :new_email, presence: true, format: { with: EmailValidator.email_regex }
 
   def self.states
     @states ||= Enum.new(authorizing_old: 1, authorizing_new: 2, complete: 3)

app/models/user.rb

@@ -1,5 +1,6 @@
 require_dependency 'email'
 require_dependency 'email_token'
+require_dependency 'email_validator'
 require_dependency 'trust_level'
 require_dependency 'pbkdf2'
 require_dependency 'discourse'
@@ -76,6 +77,7 @@ class User < ActiveRecord::Base
   validates_presence_of :username
   validate :username_validator, if: :username_changed?
   validates :email, presence: true, uniqueness: true
+  validates :email, format: { with: EmailValidator.email_regex }, if: :email_changed?
   validates :email, email: true, if: :should_validate_email?
   validate :password_validator
   validates :name, user_full_name: true, if: :name_changed?

app/models/username_validator.rb

@@ -1,3 +1,5 @@
+require_dependency 'user'
+
 class UsernameValidator
   # Public: Perform the validation of a field in a given object
   # it adds the errors (if any) to the object that we're giving as parameter