Subj : emailval.js accepts incomplete email addresses
To   : Codefenix
From : Keyop
Date : Thu Aug 29 2024 11:01 pm

 Re: emailval.js accepts incomplete email addresses
 By: Codefenix to All on Thu Aug 29 2024 08:30:51

> A new user stopped by early this morning. When validating the email address, they entered an incomplete one (e.g.: user-name@gmail).
>
> The emailval.js script accepted this and logged the error:
>
>   8/29  03:27:06a  Node 1 <user> !JavaScript  C:\sbbs\mods\emailval.js line 130: Error: Unroutable QWKnet "to_net_addr" (gmail) in recipient object
>
> This allowed the user to bypass the email validation process and proceed to the main menu. Granted, they didn't have their default access level adjusted either.
>
> I assume the system must be treating user.netmail values without a "." to the right of the "@" symbol as QWKnet addresses?
>
> In any case, I copied emailval.js script to /sbbs/mods, and added a check to the SendValidationEmail function to ensure that user.netmail values contain both a "@" and a ".":
>
> if (user.netmail.indexOf(".") < 0 && user.netmail.indexOf("@") < 0) {
>   console.print("\r\n'" + user.netmail + "' is not a valid email address!");
>   console.pause();
>   return;
> }
>
> This should screen out incomplete values, and prevent unwanted validation bypass attempts.

I've had a similar problem with someone using @domain

I will look to use your code, but I think it would be great if DigitalMan could add a fix to master.

---
� Synchronet � >>> Magnum BBS <<< - bbs.magnum.uk.net

You are viewing proxied material from bbs.kd3.us. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.