Commit

Revert isEmail() function to use regex rather than PHP filter_var
… which is vulnerable to xss :/
Ahmad Gneady committed Jul 10, 2021
1 parent 8271981 commit 70bc57e
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions app/admin/incFunctions.php
Expand Up @@ -825,8 +825,11 @@ function bootstrapSQLSelect($name, $sql, $selectedValue, $class = '', $selectedC
return '';
}
########################################################################
function isEmail($email) {
return filter_var(trim($email), FILTER_VALIDATE_EMAIL);
function isEmail($email){
if(preg_match('/^([*+!.&#$¦\'\\%\/0-9a-z^_`{}=?~:-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,30})$/i', $email))
return $email;

return false;
}
########################################################################
function notifyMemberApproval($memberID) {
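
Review bot: The character class in the new preg_match() pattern still accepts ', &, backtick, = and {} in the local part, so a value that passes isEmail() can still carry characters that are significant in HTML and JavaScript contexts. The function returns $email unchanged, so every place that prints the address should still encode it, for example with htmlspecialchars($email, ENT_QUOTES), rather than rely on this check. Two smaller points on the same lines: the pattern ends with $ and has no D modifier, so PCRE also matches when the input ends with a newline, and that newline is returned to the caller; anchoring the end with \z would close that. The trim() from the removed line is gone as well, so input with surrounding spaces that used to validate is now rejected; if that is intended, a comment above the function saying so would help.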