emails: disallow names ending with a period.

Update email validation rules to disallow the percent character (e.g.
`foo%bar@gmail.com`) and names ending with a period (e.g. `foo.@gmail.com`).
Names ending with a period are invalid according to the RFCs and cause
`Mail::Address.new` to raise an exception.

The percent character is technically legal, but only one email used it
and it was probably a typo.
This commit is contained in:
evazion
2022-10-17 21:32:27 -05:00
parent e31977ac29
commit 873c67db58
3 changed files with 8 additions and 3 deletions

View File

@@ -12,7 +12,7 @@ module Danbooru
class Error < StandardError; end
# https://www.regular-expressions.info/email.html
EMAIL_REGEX = /\A[a-z0-9._%+-]+@(?:[a-z0-9][a-z0-9-]{0,61}\.)+[a-z]{2,}\z/i
EMAIL_REGEX = /\A[a-z0-9._+-]*[a-z0-9_+-]@(?:[a-z0-9][a-z0-9-]{0,61}\.)+[a-z]{2,}\z/i
# Sites that ignore dots in email addresses, e.g. where `foo.bar@gmail.com` is the same as `foobar@gmail.com`.
IGNORE_DOTS = %w[gmail.com]
@@ -271,6 +271,7 @@ module Danbooru
address = address.gsub(/^mailto:/i, "") # mailto:foo@gmail.com -> foo@gmail.com
address = address.gsub(/.* <(.*)>$/, '\1') # foo <bar@gmail.com> -> bar@gmail.com
address = address.gsub(/@\./, "@") # @.gmail.com -> @gmail.com
address = address.gsub(/\.+@/, "@") # foo..@gmail.com -> foo@gmail.com
address = address.gsub(/@com$/i, ".com") # @gmail@com -> @gmail.com
address = address.gsub(/\.co,$/i, '.com') # @gmail.co, -> @gmail.com
address = address.gsub(/\.com.$/i, '.com') # @gmail.com, -> @gmail.com