This repository has been archived by the owner on Oct 26, 2018. It is now read-only.

Validation regexps use ^$ instead of \A\z #17

Open
viktors opened this issue Feb 25, 2014 · 0 comments

viktors commented Feb 25, 2014

In app/models/masq/account.rb these two validations allow newlines:

    validates_format_of :login, :with => /^[[email protected]]+$/
    validates_format_of :email, :with => /(^([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})$)|(^$)/i

That allows e.g. registering with a username containing a newline character.

More details:
http://guides.rubyonrails.org/security.html#regular-expressions
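
Added example (not part of the original issue or the masq code base): the email pattern quoted above run against constructed inputs, next to a variant anchored with `\A` and `\z`. The `STRING_ANCHORED` pattern, the `accepted?` and `newline_only_accepts` helpers and all sample values are assumptions made for illustration.

```ruby
# Added example: compares the issue's line-anchored email pattern with a
# string-anchored variant. The variant and every sample value below are
# constructed here; they are not the project's code.

# Pattern as quoted in the issue: ^ and $ match at line boundaries in Ruby.
LINE_ANCHORED = /(^([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})$)|(^$)/i

# Same pattern with \A (start of string) and \z (end of string).
STRING_ANCHORED = /(\A([^@\s]+)@((?:[-_a-z0-9]+\.)+[a-z]{2,})\z)|(\A\z)/i

# A format validation accepts a value when the regexp matches anywhere in
# it, so a plain match test reproduces the validator's decision.
def accepted?(regexp, value)
  !regexp.match(value.to_s).nil?
end

# Constructed inputs: label => value.
SAMPLES = {
  "plain address"        => "user@example.com",
  "blank (allowed)"      => "",
  "trailing newline"     => "user@example.com\n",
  "extra line appended"  => "user@example.com\nsecond line",
  "empty line in middle" => "not an address\n\nmore text",
}

# Labels of the inputs that only the line-anchored pattern lets through.
def newline_only_accepts(samples = SAMPLES)
  samples.select { |_, value|
    accepted?(LINE_ANCHORED, value) && !accepted?(STRING_ANCHORED, value)
  }.keys
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |label, value|
    printf("%-22s line=%-5s string=%s\n", label,
           accepted?(LINE_ANCHORED, value), accepted?(STRING_ANCHORED, value))
  end
end
```

The last sample passes the line-anchored pattern through its `(^$)` branch alone: one empty line anywhere in the value satisfies the whole validation.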
