Replace custom EMAIL_REGEXP with URI::MailTo::EMAIL_REGEXP for more accurate email validation (#36969).

Patch by Go MAEDA. git-svn-id: https://svn.redmine.org/redmine/trunk@22332 e93f8b46-1217-0410-a6f0-8f06a7374b81
2026-03-06 12:31:40 +01:00 · 2023-10-07 03:43:00 +00:00
parent 090323b7a0
commit 43873746ba
3 changed files with 6 additions and 4 deletions
--- a/app/models/email_address.rb
+++ b/app/models/email_address.rb
@@ -20,8 +20,6 @@
 class EmailAddress < ActiveRecord::Base
  include Redmine::SafeAttributes

-  EMAIL_REGEXP = /\A([^@\s]+)@((?:[-a-z0-9]+\.)+(?:(?:xn--[-a-z0-9]+)|(?:[a-z]{2,})))\z/i
-
  belongs_to :user

  after_update :destroy_tokens
@@ -32,7 +30,7 @@ class EmailAddress < ActiveRecord::Base
  after_destroy_commit :deliver_security_notification_destroy

  validates_presence_of :address
-  validates_format_of :address, :with => EMAIL_REGEXP, :allow_blank => true
+  validates_format_of :address, :with => URI::MailTo::EMAIL_REGEXP, :allow_blank => true
  validates_length_of :address, :maximum => User::MAIL_LENGTH_LIMIT, :allow_nil => true
  validates_uniqueness_of :address, :case_sensitive => false,
    :if => Proc.new {|email| email.address_changed? && email.address.present?}
--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@@ -187,7 +187,7 @@ class Setting < ActiveRecord::Base
    if settings.key?(:mail_from)
      begin
        mail_from = Mail::Address.new(settings[:mail_from])
-        raise unless EmailAddress::EMAIL_REGEXP.match?(mail_from.address)
+        raise unless URI::MailTo::EMAIL_REGEXP.match?(mail_from.address)
      rescue
        messages << [:mail_from, l('activerecord.errors.messages.invalid')]
      end
--- a/test/unit/email_address_test.rb
+++ b/test/unit/email_address_test.rb
@@ -64,4 +64,8 @@ class EmailAddressTest < ActiveSupport::TestCase
      assert email.valid?
    end
  end
+
+  def test_should_reject_invalid_email
+    assert_not EmailAddress.new(address: 'invalid,email@example.com').valid?
+  end
 end