From 70bc57e88d7b3f24c31e8cacd3f0afa3bb2ab836 Mon Sep 17 00:00:00 2001
From: Ahmad Gneady
Date: Sun, 11 Jul 2021 01:22:27 +0200
Subject: [PATCH] Revert `isEmail()` function to use regex rather than PHP `filter_var` which is vulnerable to xss :/

---
 app/admin/incFunctions.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/admin/incFunctions.php b/app/admin/incFunctions.php
index 7d5089d..0054c93 100644
--- a/app/admin/incFunctions.php
+++ b/app/admin/incFunctions.php
@@ -825,8 +825,11 @@ function bootstrapSQLSelect($name, $sql, $selectedValue, $class = '', $selectedC
 return '';
 }
 ########################################################################
- function isEmail($email) {
- return filter_var(trim($email), FILTER_VALIDATE_EMAIL);
+ function isEmail($email){
+ if(preg_match('/^([*+!.&#$¦\'\\%\/0-9a-z^_`{}=?~:-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,30})$/i', $email))
+ return $email;
+
+ return false;
 }
 ########################################################################
 function notifyMemberApproval($memberID) {
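Review bot: The added `return $email;` hands the raw input string back on success, so any caller that echoes the return value is relying on this regex's character class to keep markup out — the class excludes `<`, `>` and `"` but does admit `'`, so a value rendered inside a single-quoted attribute would still need escaping, and that is what made the `filter_var` version look "vulnerable" in the first place. Validation and output encoding are different jobs; callers should run the value through `htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` at render time, and a comment above the function would stop the next maintainer from swapping the validator again: `// Validation only: the returned string is still untrusted for output and must be escaped for the context it is rendered in.`. The new body also drops the `trim()` the removed line applied, so a value with surrounding whitespace now fails where it previously validated; if that is unintended, `$email = trim($email);` before the `preg_match` restores it. The `¦` inside the character class is a non-ASCII sequence matched byte-wise because the pattern has no `u` modifier; if `|` was meant it should be corrected, and otherwise the intent deserves a comment.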