Be paranoid about the Persona email address
This commit is contained in:
parent
b53bd868fb
commit
fc827a003a
|
@ -63,6 +63,10 @@ sub persona_login :Path('/persona-login') Args(0) {
|
||||||
|
|
||||||
my $email = $d->{email} or die;
|
my $email = $d->{email} or die;
|
||||||
|
|
||||||
|
# Be paranoid about the email address format, since we do use it
|
||||||
|
# in URLs.
|
||||||
|
die "Illegal email address." unless $email =~ /^[a-zA-Z0-9\.\-\_]+@[a-zA-Z0-9\.\-\_]+$/;
|
||||||
|
|
||||||
my $user = $c->find_user({ username => $email });
|
my $user = $c->find_user({ username => $email });
|
||||||
|
|
||||||
if (!$user) {
|
if (!$user) {
|
||||||
|
|
Loading…
Reference in a new issue