Subj : emailval.js accepts incomplete email addresses
To   : All
From : Codefenix
Date : Thu Aug 29 2024 08:30 am

A new user stopped by early this morning. When validating the email address, they entered an incomplete one (e.g.: user-name@gmail).

The emailval.js script accepted this and logged the error:

 8/29  03:27:06a  Node 1 <user> !JavaScript  C:\sbbs\mods\emailval.js line 130: Error: Unroutable QWKnet "to_net_addr" (gmail) in recipient object

This allowed the user to bypass the email validation process and proceed to the main menu. Granted, they didn't have their default access level adjusted either.

I assume the system must be treating user.netmail values without a "." to the right of the "@" symbol as QWKnet addresses?

In any case, I copied emailval.js script to /sbbs/mods, and added a check to the SendValidationEmail function to ensure that user.netmail values contain both a "@" and a ".":

if (user.netmail.indexOf(".") < 0 && user.netmail.indexOf("@") < 0) {
 console.print("\r\n'" + user.netmail + "' is not a valid email address!");
 console.pause();
 return;
}

This should screen out incomplete values, and prevent unwanted validation bypass attempts.

|01<|09co|03d|11e|15�|11e|03n|09ix|01>|07


...Ignorance is the mother of research.
---
� Synchronet � -=[ ConstructiveChaos BBS | conchaos.synchro.net ]=-

You are viewing proxied material from bbs.kd3.us. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.