-rwxr-xr-x | editflagtypes.cgi | 12 | ||||
-rw-r--r-- | template/en/default/global/user-error.html.tmpl | 9 |
2 files changed, 17 insertions, 4 deletions
diff --git a/editflagtypes.cgi b/editflagtypes.cgi
index 795ce985e..c8eb159c2 100755
--- a/editflagtypes.cgi
+++ b/editflagtypes.cgi
@@ -498,9 +498,17 @@ sub validateCCList {
 { cc_list => $cc_list });
 my @addresses = split(/[, ]+/, $cc_list);
+ # We do not call Util::validate_email_syntax because these
+ # addresses do not require to match 'emailregexp' and do not
+ # depend on 'emailsuffix'. So we limit ourselves to a simple
+ # sanity check:
+ # - match the syntax of a fully qualified email address;
+ # - do not contain any illegal character.
 foreach my $address (@addresses) {
- validate_email_syntax($address)
- || ThrowUserError('illegal_email_address', {addr => $address});
+ ($address =~ /^[\w\.\+\-=]+@[\w\.\-]+\.[\w\-]+$/
+ && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/)
+ || ThrowUserError('illegal_email_address',
+ {addr => $address, default => 1});
 }
 trick_taint($cc_list);
 return $cc_list;
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 350f2c8a0..4ff86c34a 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -556,8 +556,13 @@
 [% ELSIF error == "illegal_email_address" %]
 [% title = "Invalid Email Address" %]
 The e-mail address you entered (<b>[% addr FILTER html %]</b>)
- didn't pass our syntax checking for a legal email address.
- [%+ Param('emailregexpdesc') %]
+ didn't pass our syntax checking for a legal email address.
+ [% IF default %]
+ A legal address must contain exactly one '@',
+ and at least one '.' after the @.
+ [% ELSE %]
+ [%+ Param('emailregexpdesc') %]
+ [% END %]
 It must also not contain any of these special characters: <tt>\ ( ) & < > , ; : " [ ]</tt>, or any whitespace. |
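Review bot: In editflagtypes.cgi's validateCCList, the new allow-list pattern is anchored with `^` and `$`, and Perl's `$` also matches before a trailing newline, so the first pattern on its own accepts an address ending in "\n"; only the second, negative pattern rejects it. Since `trick_taint($cc_list)` follows directly, this check is the only gate before the value is untainted, so the first pattern should be strict by itself: `($address =~ /\A[\w\.\+\-=]+@[\w\.\-]+\.[\w\-]+\z/`. `\w` may also match non-ASCII word characters depending on how the form input was decoded (not visible here); if ASCII-only addresses are intended, spell the classes out as `A-Za-z0-9_`. The function begins and ends outside the hunk.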
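Review bot: In user-error.html.tmpl, the text under `[% IF default %]` lists fewer rules than the check that passes `default => 1` in editflagtypes.cgi enforces. That pattern also limits both sides of the '@' to word characters and a few punctuation marks, so an address containing, say, `!` is rejected although it meets every condition the message names. A sentence such as `It may only contain letters, digits and the characters . + - = _ before the '@'.` in the `default` branch would make the error actionable.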