0d1bd3c5d8932b6a2fc16a48960e3fdf5db20b10 chinhli Mon Jun 4 18:21:55 2012 -0700 Check email address format in forgot password panel.
diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index 8abfbfb..a4710dd 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -198,30 +198,31 @@ c = '0' + randInt(10); break; default: c = punc[randInt(8)]; break; } boundary[i] = c; } boundary[i]=0; return cloneString(boundary); } /* ---- General purpose helper routines. ---- */ int spc_email_isvalid(const char *address) {
+/* Check the format of an email address syntactically. Return 1 if valid, else 0 */
 /* Code copied from the book: "Secure Programming Cookbook for C and C++" By: John Viega; Matt Messier Publisher: O'Reilly Media, Inc. Pub. Date: July 14, 2003 Print ISBN-13: 978-0-596-00394-4 */ int count = 0; const char *c, *domain; static char *rfc822_specials = "()<>@,;:\\\"[]"; /* first we validate the name portion (name@domain) */ for (c = address; *c; c++) { if (*c == '\"' && (c == address || *(c - 1) == '.' || *(c - 1) == '\"'))
@@ -983,30 +984,37 @@ char query[256]; char *email = cartUsualString(cart, "hgLogin_email", ""); char *username = cartUsualString(cart, "hgLogin_userName", ""); char *helpWith = cartUsualString(cart, "hgLogin_helpWith", ""); /* Forgot username */ if (sameString(helpWith,"username")) { if (sameString(email,"")) { freez(&errMsg); errMsg = cloneString("Email address cannot be blank."); displayAccHelpPage(conn); return; }
+ else if (spc_email_isvalid(email) == 0)
+ {
+ freez(&errMsg);
+ errMsg = cloneString("Invalid email address format.");
+ displayAccHelpPage(conn);
+ return;
+ }
 else { sendUsername(conn, email); return; } } /* Forgot password */ if (sameString(helpWith,"password")) { /* validate username first */ if (sameString(username,"")) { freez(&errMsg); errMsg = cloneString("Username cannot be blank."); displayAccHelpPage(conn);
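Review bot: The new `spc_email_isvalid(email) == 0` branch in the second hunk is a syntax check only, so `email` should still be treated as untrusted when it reaches `sendUsername(conn, email)`. The `rfc822_specials` list visible in the first hunk does not contain `'`, and the validator begins by accepting quoted local parts, so an address that passes can still carry SQL metacharacters; `sendUsername` and the use of `char query[256]` lie outside the hunk, so whether the value is escaped before a query is built could not be confirmed. I would add above the call `/* format check only: email is still untrusted, escape it before any SQL use */`. The commit title refers to the forgot password panel, but the check is added only under `/* Forgot username */`; the password branch continues past the end of the hunk, so it is worth confirming it applies the same check wherever it reads `hgLogin_email`.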