Revert isEmail() function to use regex rather than PHP filter_var
… which is vulnerable to xss :/
Ahmad Gneady committed Jul 10, 2021
1 parent 8271981 commit 70bc57e88d7b3f24c31e8cacd3f0afa3bb2ab836
Showing with 5 additions and 2 deletions.
  1. +5 −2 app/admin/incFunctions.php
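--- a/app/admin/incFunctions.php
+++ b/app/admin/incFunctions.php
@@ -825,8 +825,11 @@ function bootstrapSQLSelect($name, $sql, $selectedValue, $class = '', $selectedC
 return '';
 }
 ########################################################################
-function isEmail($email) {
-return filter_var(trim($email), FILTER_VALIDATE_EMAIL);
+function isEmail($email){
+if(preg_match('/^([*+!.&#$¦\'\\%\/0-9a-z^_`{}=?~:-]+)@(([0-9a-z-]+\.)+[0-9a-z]{2,30})$/i', $email))
+return $email;
+
+return false;
 }
 ########################################################################
 function notifyMemberApproval($memberID) {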
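Review bot: The new pattern in isEmail() ends with `$` and no `D` modifier, so an address followed by a single trailing newline still matches and is returned unchanged, because the `trim()` the old version applied is gone. Changing the tail of the pattern from `{2,30})$/i` to `{2,30})\z/i` closes that. The local-part class also still admits `'`, `&`, `=` and a backtick, so a value that passes is not safe to print into HTML or an attribute. Callers should still escape where the address is rendered, e.g. `htmlspecialchars($email, ENT_QUOTES, 'UTF-8')`, rather than treat this check as the XSS fix. A comment above the function such as `// Format check only: returns the address or false; escape on output.` would make that contract explicit.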
