From c2eb030f9d57890fbec6d3fe98688be71fdfb243 Mon Sep 17 00:00:00 2001
From: Lia Lenckowski
Date: Tue, 29 Aug 2023 00:20:10 +0200
Subject: warn about sqli-type attacks with emails, and make them a bit harder

---
 src/Data/PendingBang.hs | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/Data/PendingBang.hs')

diff --git a/src/Data/PendingBang.hs b/src/Data/PendingBang.hs
index 05fafba..3a2aaa1 100644
--- a/src/Data/PendingBang.hs
+++ b/src/Data/PendingBang.hs
@@ -45,5 +45,11 @@ instance FromJSON PendingBang where
 verifyPendingBang :: PendingBang -> Bool
 verifyPendingBang (PendingBang n u dp mayEm) =
-  T.all isAlphaNum n && all ((<255) . T.length) strings
+  T.all isAlphaNum n &&
+  all ((<255) . T.length) strings &&
+  emailOk mayEm
   where strings = [n, u, dp] <> maybeToList mayEm
+        emailOk Nothing = True
+        emailOk (Just e) =
+          T.all (\c -> isAlphaNum c || c `T.elem` "@-.") e &&
+          T.take 1 e /= "-"
-- 
cgit v1.2.3-70-g09d2
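Review bot: The character allowlist in `emailOk` is not a substitute for parameterised queries, and as written it neither restricts the address to ASCII (Data.Char's `isAlphaNum` accepts any Unicode letter or digit) nor requires exactly one `@` with non-empty local and domain parts, so `@`, `a@@b` and `a.b` all pass while common real addresses containing `_` or `+` are rejected. If the goal is to make string-built queries harder to abuse, tighten the predicate to `T.all (\c -> (isAscii c && isAlphaNum c) || c `T.elem` "@-._+") e && T.count "@" e == 1` and put the actual injection defence at the database layer with bound parameters, treating this check as defence in depth only. The leading-dash rejection `T.take 1 e /= "-"` reads like argument-injection hardening for a mail command rather than anything SQL-related; if that is the intent, record it, e.g. `-- reject a leading '-' so the address can never be read as a command-line option`, since nothing in the hunk explains it. Note also that `u` and `dp` remain only length-checked and that, despite the subject line, no warning comment appears in this hunk, so the warning should sit next to whatever code builds the query, which is outside this file section.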