MDL-66762 user: stricter email validation.
authorPaul Holden <paulh@moodle.com>
Fri, 1 Nov 2019 13:04:48 +0000 (13:04 +0000)
committerAdrian Greeve <abgreeve@gmail.com>
Thu, 7 Nov 2019 01:00:19 +0000 (09:00 +0800)
lib/tests/weblib_test.php
lib/weblib.php

index d3895a5..4e81345 100644 (file)
@@ -525,6 +525,18 @@ EXPECTED;
                 'email' => "moodle@example.com>\r\nRCPT TO:<victim@example.com",
                 'result' => false
             ],
+            [
+                'email' => 'greater>than@example.com',
+                'result' => false
+            ],
+            [
+                'email' => 'less<than@example.com',
+                'result' => false
+            ],
+            [
+                'email' => '"this<is>validbutwerejectit"@example.com',
+                'result' => false
+            ],
 
             // Extra email addresses from Wikipedia page on Email Addresses.
             // Valid.
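Review bot: The three added cases have no comment stating the rule they pin, so the only sign that refusing an RFC-valid address is deliberate is the literal `validbutwerejectit` in the third one. A line above them such as `// Angle brackets are refused anywhere in the address, even in a quoted local part (see the injection case above).` would make the intent explicit for whoever next edits this data provider. The enclosing provider array starts and ends outside this hunk.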
index 095caaf..f786ba9 100644 (file)
@@ -1110,7 +1110,7 @@ function validate_email($address) {
     global $CFG;
     require_once($CFG->libdir.'/phpmailer/moodle_phpmailer.php');
 
-    return moodle_phpmailer::validateAddress($address);
+    return moodle_phpmailer::validateAddress($address) && !preg_match('/[<>]/', $address);
 }
 
 /**
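Review bot: The added `!preg_match('/[<>]/', $address)` has no comment saying why addresses that PHPMailer accepts are then refused, and it fails open: if `preg_match()` ever returned `false` on error, the negation would be true and the address would pass. A plain string test avoids the regex and its error return: `return moodle_phpmailer::validateAddress($address) && strpbrk($address, '<>') === false;`. I would also put `// Reject angle brackets even where RFC-valid (quoted local part): they delimit addresses in mail headers and SMTP commands.` above it and mention the restriction in the function's docblock, which lies outside this hunk along with the signature. Code that calls `moodle_phpmailer::validateAddress()` directly would presumably not get this stricter check, so it is worth confirming that callers go through `validate_email()`.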