Restrict email address validation (#17688)

This didn't follow the RFC but it's a subset of that. I think we should narrow the allowed chars at first and discuss more possibility in future PRs.
author: Lunny Xiao <xiaolunwen@gmail.com> 2022-03-15 01:39:54 +0800
committer: GitHub <noreply@github.com> 2022-03-14 18:39:54 +0100
commit: 18033f49ba8f00695dd9f885360664a383610df1 (patch)
tree: df3c1f1738353a7fffc4ac7b9e6c48e3af231b9c /routers/web
parent: 49db87a035a28cd8eaa4abdd5832f952ca6449d9 (diff)
download: gitea-18033f49ba8f00695dd9f885360664a383610df1.tar.gz
gitea-18033f49ba8f00695dd9f885360664a383610df1.zip
3 files changed, 10 insertions, 2 deletions
diff --git a/routers/web/admin/users.go b/routers/web/admin/users.go
index 1f304297c0..a7d7d62d9a 100644
--- a/routers/web/admin/users.go
+++ b/routers/web/admin/users.go
@@ -171,6 +171,9 @@ func NewUserPost(ctx *context.Context) {
 		case user_model.IsErrEmailAlreadyUsed(err):
 			ctx.Data["Err_Email"] = true
 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplUserNew, &form)
+		case user_model.IsErrEmailCharIsNotSupported(err):
+			ctx.Data["Err_Email"] = true
+			ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplUserNew, &form)
 		case user_model.IsErrEmailInvalid(err):
 			ctx.Data["Err_Email"] = true
 			ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplUserNew, &form)
@@ -386,7 +389,8 @@ func EditUserPost(ctx *context.Context) {
 		if user_model.IsErrEmailAlreadyUsed(err) {
 			ctx.Data["Err_Email"] = true
 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplUserEdit, &form)
-		} else if user_model.IsErrEmailInvalid(err) {
+		} else if user_model.IsErrEmailCharIsNotSupported(err) ||
+			user_model.IsErrEmailInvalid(err) {
 			ctx.Data["Err_Email"] = true
 			ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplUserEdit, &form)
 		} else {
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index ce8ec8a1e3..9209b7335e 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -573,6 +573,9 @@ func createUserInContext(ctx *context.Context, tpl base.TplName, form interface{
 		case user_model.IsErrEmailAlreadyUsed(err):
 			ctx.Data["Err_Email"] = true
 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tpl, form)
+		case user_model.IsErrEmailCharIsNotSupported(err):
+			ctx.Data["Err_Email"] = true
+			ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tpl, form)
 		case user_model.IsErrEmailInvalid(err):
 			ctx.Data["Err_Email"] = true
 			ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tpl, form)
diff --git a/routers/web/user/setting/account.go b/routers/web/user/setting/account.go
index b73122fa12..492b4f82c8 100644
--- a/routers/web/user/setting/account.go
+++ b/routers/web/user/setting/account.go
@@ -188,7 +188,8 @@ func EmailPost(ctx *context.Context) {
 
 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplSettingsAccount, &form)
 			return
-		} else if user_model.IsErrEmailInvalid(err) {
+		} else if user_model.IsErrEmailCharIsNotSupported(err) ||
+			user_model.IsErrEmailInvalid(err) {
 			loadAccountData(ctx)
 
 			ctx.RenderWithErr(ctx.Tr("form.email_invalid"), tplSettingsAccount, &form)
author	Lunny Xiao <xiaolunwen@gmail.com>	2022-03-15 01:39:54 +0800
committer	GitHub <noreply@github.com>	2022-03-14 18:39:54 +0100
commit	18033f49ba8f00695dd9f885360664a383610df1 (patch)
tree	df3c1f1738353a7fffc4ac7b9e6c48e3af231b9c /routers/web
parent	49db87a035a28cd8eaa4abdd5832f952ca6449d9 (diff)
download	gitea-18033f49ba8f00695dd9f885360664a383610df1.tar.gz gitea-18033f49ba8f00695dd9f885360664a383610df1.zip