Validation regexps use ^$ instead of \A\z #17

Open
viktors opened this Issue Feb 25, 2014 · 0 comments

viktors commented Feb 25, 2014

In app/models/masq/account.rb these two validations allow newlines:

    validates_format_of :login, :with => /^[A-Za-z0-9_@.-]+$/
    validates_format_of :email, :with => /(^([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})$)|(^$)/i

That allows, e.g., registering with a username containing a newline character.

More details:
http://guides.rubyonrails.org/security.html#regular-expressions
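
The following Ruby sketch is an added example, not part of the original issue or the masq code base. It runs the two patterns quoted in the issue against constructed multi-line inputs, next to assumed `\A`/`\z` replacements. The `STRICT_*` patterns, the helper names and the sample values are assumptions made for illustration.

```ruby
# Patterns copied from the issue: ^ and $ anchor to a *line* in Ruby.
WEAK_LOGIN = /^[A-Za-z0-9_@.-]+$/
WEAK_EMAIL = /(^([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})$)|(^$)/i

# Assumed replacements (not from the project): \A and \z anchor to the
# whole string. The optional group keeps "empty email allowed", which is
# what the original (^$) alternative expressed.
STRICT_LOGIN = /\A[A-Za-z0-9_@.-]+\z/
STRICT_EMAIL = /\A(?:[^@\s]+@(?:[-_a-z0-9]+\.)+[a-z]{2,})?\z/i

# A format check passes when the pattern matches anywhere in the value.
def accepts?(pattern, value)
  pattern.match?(value.to_s)
end

# Constructed sample inputs, not taken from any real account data.
CASES = [
  [:login, "alice"],
  [:login, "alice\n"],                     # trailing newline
  [:login, "alice\nsecond line"],          # one valid line is enough for ^...$
  [:email, "a@example.com"],
  [:email, "a@example.com\nsecond line"],
  [:email, "junk\n\njunk"],                # the empty middle line satisfies (^$)
  [:email, ""]
].freeze

# Evaluate every case against the weak and the strict pattern for its field.
def compare(cases = CASES)
  cases.map do |field, value|
    weak, strict = field == :login ? [WEAK_LOGIN, STRICT_LOGIN] : [WEAK_EMAIL, STRICT_EMAIL]
    { field: field, value: value,
      weak: accepts?(weak, value), strict: accepts?(strict, value) }
  end
end

# Values the line-anchored patterns accept but the string-anchored ones reject.
def bypasses(cases = CASES)
  compare(cases).select { |r| r[:weak] && !r[:strict] }.map { |r| r[:value] }
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |r|
    puts format("%-6s %-32p weak=%-5s strict=%s", r[:field], r[:value], r[:weak], r[:strict])
  end
end
```

`\z` is used rather than `\Z` because `\Z` still permits a single trailing newline.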
