warn about sqli-type attacks with emails, and make them a bit harder

author: Lia Lenckowski <lialenck@protonmail.com> 2023-08-29 00:20:10 +0200
committer: Lia Lenckowski <lialenck@protonmail.com> 2023-08-29 00:20:10 +0200
commit: c2eb030f9d57890fbec6d3fe98688be71fdfb243 (patch)
tree: 8a95f562d7738c9febe5cf5f01f510741b81395c /src
parent: 2f12a917b9f156e012c9dd6cae382bdc36fae7c7 (diff)
download: fastbangs-c2eb030f9d57890fbec6d3fe98688be71fdfb243.tar
fastbangs-c2eb030f9d57890fbec6d3fe98688be71fdfb243.tar.bz2
fastbangs-c2eb030f9d57890fbec6d3fe98688be71fdfb243.tar.zst
1 files changed, 7 insertions, 1 deletions
diff --git a/src/Data/PendingBang.hs b/src/Data/PendingBang.hs
index 05fafba..3a2aaa1 100644
--- a/src/Data/PendingBang.hs
+++ b/src/Data/PendingBang.hs
@@ -45,5 +45,11 @@ instance FromJSON PendingBang where
 
 verifyPendingBang :: PendingBang -> Bool
 verifyPendingBang (PendingBang n u dp mayEm) =
-    T.all isAlphaNum n && all ((<255) . T.length) strings
+    T.all isAlphaNum n &&
+    all ((<255) . T.length) strings &&
+    emailOk mayEm
   where strings = [n, u, dp] <> maybeToList mayEm
+        emailOk Nothing = True
+        emailOk (Just e) =
+            T.all (\c -> isAlphaNum c || c `T.elem` "@-.") e &&
+            T.take 1 e /= "-"
author	Lia Lenckowski <lialenck@protonmail.com>	2023-08-29 00:20:10 +0200
committer	Lia Lenckowski <lialenck@protonmail.com>	2023-08-29 00:20:10 +0200
commit	c2eb030f9d57890fbec6d3fe98688be71fdfb243 (patch)
tree	8a95f562d7738c9febe5cf5f01f510741b81395c /src
parent	2f12a917b9f156e012c9dd6cae382bdc36fae7c7 (diff)
download	fastbangs-c2eb030f9d57890fbec6d3fe98688be71fdfb243.tar fastbangs-c2eb030f9d57890fbec6d3fe98688be71fdfb243.tar.bz2 fastbangs-c2eb030f9d57890fbec6d3fe98688be71fdfb243.tar.zst