Diffstat (limited to 'editflagtypes.cgi')
-rwxr-xr-x | editflagtypes.cgi | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/editflagtypes.cgi b/editflagtypes.cgi
index 795ce985e..c8eb159c2 100755
--- a/editflagtypes.cgi
+++ b/editflagtypes.cgi
@@ -498,9 +498,17 @@ sub validateCCList {
 { cc_list => $cc_list });
 my @addresses = split(/[, ]+/, $cc_list);
+ # We do not call Util::validate_email_syntax because these
+ # addresses do not require to match 'emailregexp' and do not
+ # depend on 'emailsuffix'. So we limit ourselves to a simple
+ # sanity check:
+ # - match the syntax of a fully qualified email address;
+ # - do not contain any illegal character.
 foreach my $address (@addresses) {
- validate_email_syntax($address)
- || ThrowUserError('illegal_email_address', {addr => $address});
+ ($address =~ /^[\w\.\+\-=]+@[\w\.\-]+\.[\w\-]+$/
+ && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/)
+ || ThrowUserError('illegal_email_address',
+ {addr => $address, default => 1});
 }
 trick_taint($cc_list);
 return $cc_list;
|
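Review bot: The allowlist regex in the new `foreach` body is anchored with `^` and `$`, and `$` also matches before a trailing newline, so an address such as `user@example.com\n` (constructed example) passes the first test and is rejected only by the `\n` in the second, denylist regex. Every other character in that denylist is already excluded by the anchored character classes, so the whole check depends on a line that looks redundant and could be dropped in a later cleanup. Since `trick_taint($cc_list)` then untaints the entire original string on the strength of this check, I would make the allowlist self-sufficient with `$address =~ /\A[\w\.\+\-=]+@[\w\.\-]+\.[\w\-]+\z/` and keep the denylist only as defence in depth. Depending on how the CGI parameter is decoded, `\w` may also accept non-ASCII word characters, which is worth confirming if the list later feeds mail headers. `validateCCList` starts before this hunk, so the length check and the error path are only partly visible here.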