GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

[CONTROLLER][Security] Further sanity checks and validation done on email entry

This commit is contained in:
Eliseu Amaro 2022-01-27 17:08:20 +00:00
parent 1576d253a5
commit a17a514bfd
Signed by: eliseuamaro
GPG Key ID: 96DA09D4B97BC2D5
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/Controller/Security.php
View File

@ -18,6 +18,7 @@ use App\Security\Authenticator;
use App\Security\EmailVerifier; use App\Security\EmailVerifier;
use App\Util\Common; use App\Util\Common;
use App\Util\Exception\DuplicateFoundException; use App\Util\Exception\DuplicateFoundException;
use App\Util\Exception\EmailException;
use App\Util\Exception\EmailTakenException; use App\Util\Exception\EmailTakenException;
use App\Util\Exception\NicknameEmptyException; use App\Util\Exception\NicknameEmptyException;
use App\Util\Exception\NicknameException; use App\Util\Exception\NicknameException;
@ -81,7 +82,7 @@ class Security extends Controller
* possibly sending a confirmation email * possibly sending a confirmation email
* *
* @throws DuplicateFoundException * @throws DuplicateFoundException
* @throws EmailTakenException * @throws EmailException
* @throws EmailTakenException * @throws EmailTakenException
* @throws NicknameEmptyException * @throws NicknameEmptyException
* @throws NicknameException * @throws NicknameException
@ -144,6 +145,12 @@ class Security extends Controller
throw new EmailTakenException($found_user->getActor()); throw new EmailTakenException($found_user->getActor());
} }
unset($found_user); unset($found_user);
// Check if email is valid
$data['email'] = filter_var($data['email'], \FILTER_SANITIZE_EMAIL);
if (filter_var($data['email'], \FILTER_VALIDATE_EMAIL)) {
throw new EmailException('Invalid email entry, please use a valid email');
}
} catch (NotFoundException) { } catch (NotFoundException) {
// continue // continue
} }