Be paranoid about the Persona email address

Eelco Dolstra 2013-11-05 14:40:40 +01:00
parent b53bd868fb
commit fc827a003a


@ -63,6 +63,10 @@ sub persona_login :Path('/persona-login') Args(0) {
my $email = $d->{email} or die; my $email = $d->{email} or die;
# Be paranoid about the email address format, since we do use it
# in URLs.
die "Illegal email address." unless $email =~ /^[a-zA-Z0-9\.\-\_]+@[a-zA-Z0-9\.\-\_]+$/;
my $user = $c->find_user({ username => $email }); my $user = $c->find_user({ username => $email });
if (!$user) { if (!$user) {
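Review bot: The new format check on the `die "Illegal email address."` line anchors the pattern with `^` and `$`, and in Perl `$` also matches just before a trailing newline, so an address ending in a newline passes the check and is still handed to `find_user` and to whatever later puts it in URLs. Anchoring on the true string boundaries closes that gap: `die "Illegal email address." unless $email =~ /\A[a-zA-Z0-9\.\-\_]+@[a-zA-Z0-9\.\-\_]+\z/;`. The character classes also accept values made only of dots and hyphens on either side of the `@`; if the address ends up as a URL path component, it may be worth saying in the comment which characters the URL code relies on being excluded. `persona_login` starts and ends outside this hunk, so how `$email` is used afterwards is not visible here.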