SECURITY: Block registrations for encoded emails that are invalid

OsamaSayegh
2024-08-27 00:20:37 +03:00
committed by Alan Guo Xiang Tan
parent 34d04e7507
commit d7164d57ec
2 changed files with 37 additions and 5 deletions


@ -1,11 +1,21 @@
# frozen_string_literal: true
class EmailAddressValidator
def self.valid_value?(email)
email.match? email_regex
end
class << self
def valid_value?(email)
email.match?(email_regex) && decode(email)&.match?(email_regex)
end
def self.email_regex
/\A[a-zA-Z0-9!#\$%&'*+\/=?\^_`{|}~\-]+(?:\.[a-zA-Z0-9!#\$%&'\*+\/=?\^_`{|}~\-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?$\z/
def email_regex
/\A[a-zA-Z0-9!#\$%&'*+\/=?\^_`{|}~\-]+(?:\.[a-zA-Z0-9!#\$%&'\*+\/=?\^_`{|}~\-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?$\z/
end
private
def decode(email)
Mail::Address.new(email).decoded
rescue Mail::Field::ParseError, Mail::Field::IncompleteParseError
nil
end
end
end
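Review bot: In the new `valid_value?`, the second check only requires the decoded form to match `email_regex`, so an input that decodes to a different but still well-formed address is accepted even though the validated string is not the one decoding yields. If callers keep the original input (not visible on this page), comparing rather than re-matching would reject anything that changes under decoding: `email.match?(email_regex) && decode(email) == email`. That assumes `Mail::Address#decoded` returns a plain address unchanged, which a spec should confirm. Separately, `decode` rescues only `Mail::Field::ParseError` and `Mail::Field::IncompleteParseError`, so any other exception raised while parsing or decoding would propagate out of the validator instead of failing closed; confirm that is intended. A one-line comment on `decode`, such as `# nil means the address could not be parsed and is treated as invalid`, would record the intent.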