
Validation regexps use ^$ instead of \A\z

Open viktors opened this issue 10 years ago • 0 comments

In app/models/masq/account.rb these two validations allow newlines:

    validates_format_of :login, :with => /^[[email protected]]+$/
    validates_format_of :email, :with => /(^([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})$)|(^$)/i

That allows e.g. registering with a username containing a newline character.

More details: http://guides.rubyonrails.org/security.html#regular-expressions

viktors, Feb 25 '14 10:02
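Added example, not part of the original issue or of masq's code: it runs the email pattern quoted in the issue against constructed multi-line inputs, next to a rewrite anchored with `\A` and `\z`, and includes a small audit helper for spotting line anchors in other patterns. `EMAIL_STRING`, `SAMPLES`, `accepted` and `line_anchored?` are hypothetical names, and the rewrite is an assumption about how the fix could look.

```ruby
# EMAIL_LINE is the email pattern quoted in the issue (anchored with ^ and $).
EMAIL_LINE = /(^([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})$)|(^$)/i
# Assumed rewrite: same address grammar, blank still allowed, but anchored to
# the whole string with \A and \z.
EMAIL_STRING = /\A(?:[^@\s]+@(?:[-_a-z0-9]+\.)+[a-z]{2,})?\z/i

# Constructed sample inputs.
SAMPLES = {
  "plain"            => "user@example.com",
  "blank"            => "",
  "trailing newline" => "user@example.com\n",
  "second line"      => "user@example.com\nsecond line, never checked",
  "leading line"     => "not an address\nuser@example.com"
}

# Labels of the samples a pattern accepts.
def accepted(pattern)
  SAMPLES.select { |_label, value| pattern.match?(value) }.keys
end

# Audit heuristic: true when the pattern uses ^ or $ outside a character
# class, i.e. as a per-line anchor. Nested character classes are not handled.
def line_anchored?(regexp)
  in_class = false
  escaped = false
  regexp.source.each_char do |ch|
    if escaped
      escaped = false
      next
    end
    case ch
    when "\\" then escaped = true
    when "[" then in_class = true
    when "]" then in_class = false
    when "^", "$" then return true unless in_class
    end
  end
  false
end

{ "EMAIL_LINE" => EMAIL_LINE, "EMAIL_STRING" => EMAIL_STRING }.each do |name, re|
  puts "#{name}: line anchored=#{line_anchored?(re)}, accepts #{accepted(re).inspect}"
end
```

In Ruby `^` and `$` match at every line boundary, so one valid line anywhere in the value satisfies the original pattern; `\z` is used rather than `\Z` because `\Z` still accepts a trailing newline.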