- Match the ENTIRE string in isEmailAddress, because otherwise things like :

"dave@slicer.ca';DROP TABLE students; --" will match.
2007-11-09 07:20:10 +00:00 · 2007-11-09 07:20:10 +00:00 · fb65e87587
commit fb65e87587
parent 41053418d8
1 changed files with 1 additions and 1 deletions
--- a/common.inc.php
+++ b/common.inc.php
@ -796,7 +796,7 @@ function outputStatus($status)

 //returns true if its a valid email address, false if its not
 function isEmailAddress($str) {
-	if(eregi('[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})', $str))
+	if(eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str))
 		return true;
 	else
 		return false;