Be paranoid about the Persona email address

2013-11-05 14:40:40 +01:00 · 2013-11-05 14:40:40 +01:00 · fc827a003a
parent b53bd868fb
commit fc827a003a
1 changed files with 4 additions and 0 deletions
--- a/src/lib/Hydra/Controller/User.pm
+++ b/src/lib/Hydra/Controller/User.pm
@ -63,6 +63,10 @@ sub persona_login :Path('/persona-login') Args(0) {

    my $email = $d->{email} or die;

+    # Be paranoid about the email address format, since we do use it
+    # in URLs.
+    die "Illegal email address." unless $email =~ /^[a-zA-Z0-9\.\-\_]+@[a-zA-Z0-9\.\-\_]+$/;
+
    my $user = $c->find_user({ username => $email });

    if (!$user) {