From ff2c3b9234291da6bd09c874664e0b08b0c72d85 Mon Sep 17 00:00:00 2001 From: Jaimos Skriletz Date: Fri, 2 Feb 2024 15:11:55 -0700 Subject: [PATCH] Addvalidifcation to the from email in Feedback.pm Verify the from email address is at least in the form username@host.suffix before sending any email to avoid perl errors if trying to send an email from an invalid address. --- lib/WeBWorK/ContentGenerator/Feedback.pm | 28 +++++++++++++----------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/lib/WeBWorK/ContentGenerator/Feedback.pm b/lib/WeBWorK/ContentGenerator/Feedback.pm index b558bf53be..08090a11e1 100644 --- a/lib/WeBWorK/ContentGenerator/Feedback.pm +++ b/lib/WeBWorK/ContentGenerator/Feedback.pm @@ -99,28 +99,30 @@ sub initialize ($c) { # Determine the sender of the email. my $sender; - if ($user) { - if ($user->email_address) { - $sender = $user->rfc822_mailbox; - } else { - if ($user->full_name) { - $sender = $user->full_name . " <$from>"; - } else { - $sender = $from; - } - } - } else { - $sender = $from; + if ($user && $user->email_address) { + $from = $user->email_address; + $sender = $user->rfc822_mailbox; } - unless ($sender) { + unless ($from) { $c->stash->{send_error} = $c->maketext('No Sender specified.'); return; } + unless ($from =~ /^[a-zA-Z0-9.!#$%&\'*+\/=?^_`~\-]+@[a-zA-Z0-9\-]+\.[a-zA-Z0-9.\-]+$/) { + $c->stash->{send_error} = $c->maketext('Sender is not a valid email address.'); + return; + } unless ($feedback) { $c->stash->{send_error} = $c->maketext('Message was blank.'); return; } + unless ($sender) { + if ($user && $user->full_name) { + $sender = $user->full_name . " <$from>"; + } else { + $sender = $from; + } + } my %subject_map = ( 'c' => $courseID,