{ cc_list => $cgi->param('cc_list') });
my @addresses = split(/[, ]+/, $cgi->param('cc_list'));
- foreach my $address (@addresses) { CheckEmailSyntax($address) }
+ # We do not call Util::validate_email_syntax because these
+ # addresses do not require to match 'emailregexp' and do not
+ # depend on 'emailsuffix'. So we limit ourselves to a simple
+ # sanity check:
+ # - match the syntax of a fully qualified email address;
+ # - do not contain any illegal character.
+ foreach my $address (@addresses) {
+ ($address =~ /^[\w\.\+\-=]+@[\w\.\-]+\.[\w\-]+$/
+ && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/)
+ || ThrowUserError('illegal_email_address',
+ {addr => $address, default => 1});
+ }
}
sub validateProduct {
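Review bot: The allow-list pattern in the new `foreach` body ends in `$`, which in Perl also matches just before a trailing newline, so on its own it accepts an address followed by `\n`; only the second, deny-list pattern stops that. Anchoring with `\A` and `\z`, as in `$address =~ /\A[\w.+\-=]+@[\w.\-]+\.[\w\-]+\z/`, makes the first check sufficient by itself. That matters if these addresses end up in mail headers, as the `cc_list` name suggests, because CR/LF is the injection risk there. `\w` also matches non-ASCII word characters when the CGI value is a decoded Unicode string, so if ASCII-only addresses are intended, add the `/a` flag (Perl 5.14+) or spell the class out as `[A-Za-z0-9_]`. The enclosing sub begins above the hunk, so how `cc_list` is bounded before the `split` is only partly visible here.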
[% ELSIF error == "illegal_email_address" %]
[% title = "Invalid Email Address" %]
The e-mail address you entered (<b>[% addr FILTER html %]</b>)
- didn't pass our syntax checking for a legal email address.
- [%+ Param('emailregexpdesc') %]
+ didn't pass our syntax checking for a legal email address.
+ [% IF default %]
+ A legal address must contain exactly one '@',
+ and at least one '.' after the @.
+ [% ELSE %]
+ [%+ Param('emailregexpdesc') %]
+ [% END %]
It must also not contain any of these special characters:
<tt>\ ( ) & < > , ; : " [ ]</tt>, or any whitespace.
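Review bot: The text added under `[% IF default %]` describes a looser rule than the check that sets `default => 1`. The Perl pattern also restricts the part before the @ to word characters plus `. + - =`, and the domain to word characters, `.` and `-`. An address such as `o'brien@example.com` (a constructed example) is therefore rejected even though it satisfies everything the message lists. Naming the allowed characters would keep the user from guessing, for example `A legal address must contain exactly one '@' and at least one '.' after the @, and may use only letters, digits, '_', '.', '+', '-' and '=' before the @.` The end of this `ELSIF` branch is not visible in the hunk.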