From: Alexander Ebert <ebert@woltlab.com>
Date: Sun, 2 Oct 2016 11:21:55 +0000 (+0200)
Subject: Properly validating sender email address
X-Git-Tag: 3.0.0_Beta_2~22
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=bbcd7ab6559d3c809aa387036a4c8ee878cc4588;p=GitHub%2FWoltLab%2FWCF.git

Properly validating sender email address
---

diff --git a/wcfsetup/install/files/acp/templates/userMail.tpl b/wcfsetup/install/files/acp/templates/userMail.tpl
index f8574b6855..98a6e1c3cf 100644
--- a/wcfsetup/install/files/acp/templates/userMail.tpl
+++ b/wcfsetup/install/files/acp/templates/userMail.tpl
@@ -100,6 +100,8 @@
 					<small class="innerError">
 						{if $errorType == 'empty'}
 							{lang}wcf.global.form.error.empty{/lang}
+						{elseif $errorType == 'invalid'}
+							{lang}wcf.user.email.error.invalid{/lang}
 						{else}
 							{lang}wcf.acp.user.sendMail.subject.from.{@$errorType}{/lang}
 						{/if}
diff --git a/wcfsetup/install/files/lib/acp/form/UserMailForm.class.php b/wcfsetup/install/files/lib/acp/form/UserMailForm.class.php
index 642c70f9ca..41c4ff214f 100755
--- a/wcfsetup/install/files/lib/acp/form/UserMailForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/UserMailForm.class.php
@@ -4,6 +4,7 @@ use wcf\data\user\group\UserGroup;
 use wcf\data\user\UserList;
 use wcf\form\AbstractForm;
 use wcf\system\clipboard\ClipboardHandler;
+use wcf\system\email\EmailGrammar;
 use wcf\system\exception\IllegalLinkException;
 use wcf\system\exception\SystemException;
 use wcf\system\exception\UserInputException;
@@ -120,6 +121,9 @@ class UserMailForm extends AbstractForm {
 		if (empty($this->from)) {
 			throw new UserInputException('from');
 		}
+		else if (!preg_match('(^'.EmailGrammar::getGrammar('addr-spec').'$)', $this->from)) {
+			throw new UserInputException('from', 'invalid');
+		}
 	}
 	
 	/**