emails: disallow names ending with a period.

Update email validation rules to disallow the percent character (e.g. `foo%bar@gmail.com`) and names ending with a period (e.g. `foo.@gmail.com`). Names ending with a period are invalid according to the RFCs and cause `Mail::Address.new` to raise an exception. The percent character is technically legal, but only one email used it and it was probably a typo.
2022-10-17 21:32:27 -05:00
parent e31977ac29
commit 873c67db58
3 changed files with 8 additions and 3 deletions
--- a/app/logical/danbooru/email_address.rb
+++ b/app/logical/danbooru/email_address.rb
@@ -12,7 +12,7 @@ module Danbooru
    class Error < StandardError; end

    # https://www.regular-expressions.info/email.html
-    EMAIL_REGEX = /\A[a-z0-9._%+-]+@(?:[a-z0-9][a-z0-9-]{0,61}\.)+[a-z]{2,}\z/i
+    EMAIL_REGEX = /\A[a-z0-9._+-]*[a-z0-9_+-]@(?:[a-z0-9][a-z0-9-]{0,61}\.)+[a-z]{2,}\z/i

    # Sites that ignore dots in email addresses, e.g. where `foo.bar@gmail.com` is the same as `foobar@gmail.com`.
    IGNORE_DOTS = %w[gmail.com]
@@ -271,6 +271,7 @@ module Danbooru
      address = address.gsub(/^mailto:/i, "") # mailto:foo@gmail.com -> foo@gmail.com
      address = address.gsub(/.* <(.*)>$/, '\1') # foo <bar@gmail.com> -> bar@gmail.com
      address = address.gsub(/@\./, "@") # @.gmail.com -> @gmail.com
+      address = address.gsub(/\.+@/, "@") # foo..@gmail.com -> foo@gmail.com
      address = address.gsub(/@com$/i, ".com") # @gmail@com -> @gmail.com
      address = address.gsub(/\.co,$/i, '.com') # @gmail.co, -> @gmail.com
      address = address.gsub(/\.com.$/i, '.com') # @gmail.com, -> @gmail.com