From: Fabian Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH v2 common 1/8] sendmail: use more complete email regex and shellquote
Date: Mon, 15 Feb 2021 13:24:55 +0100
Message-ID: <20210215122502.23854-2-f.ebner@proxmox.com>
In-Reply-To: <20210215122502.23854-1-f.ebner@proxmox.com>

Shellquote is needed for '~', and while it doesn't help with '-', there should
be no problem, because options are separated from mailto since commit
216a3f4f131693dc4bbad5e06e96a61baef5f5e9.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---

New in v2.

Since JSONSchema already uses Tools, the pattern has to live in Tools.

 src/PVE/JSONSchema.pm |  2 +-
 src/PVE/Tools.pm      | 17 ++++++++++++-----
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/src/PVE/JSONSchema.pm b/src/PVE/JSONSchema.pm
index 29ada5b..5870b69 100644
--- a/src/PVE/JSONSchema.pm
+++ b/src/PVE/JSONSchema.pm
@@ -471,7 +471,7 @@ register_format('email', \&pve_verify_email);
 sub pve_verify_email {
     my ($email, $noerr) = @_;
 
-    if ($email !~ /^[\w\+\-\~]+(\.[\w\+\-\~]+)*@[a-zA-Z0-9\-]+(\.[a-zA-Z0-9\-]+)*$/) {
+    if ($email !~ /^$PVE::Tools::EMAIL_RE$/) {
 	   return undef if $noerr;
 	   die "value does not look like a valid email address\n";
     }
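Review bot: the `$` anchor in `/^$PVE::Tools::EMAIL_RE$/` also matches just before a trailing newline, so an otherwise valid address followed by "\n" still passes pve_verify_email. Since this line is being rewritten anyway, consider `/^$PVE::Tools::EMAIL_RE\z/` so the format check rejects such values. The same holds for every other place where the shared pattern is anchored with `$`.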
diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index 7fefa52..fc4a367 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -87,6 +87,9 @@ our $IPV6RE = "(?:" .
 
 our $IPRE = "(?:$IPV4RE|$IPV6RE)";
 
+our $EMAIL_USER_RE = qr/[\w\+\-\~]+(\.[\w\+\-\~]+)*/;
+our $EMAIL_RE = qr/$EMAIL_USER_RE@[a-zA-Z0-9\-]+(\.[a-zA-Z0-9\-]+)*/;
+
 use constant {CLONE_NEWNS   => 0x00020000,
               CLONE_NEWUTS  => 0x04000000,
               CLONE_NEWIPC  => 0x08000000,
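Review bot: both new patterns use capturing groups, `(\.[\w\+\-\~]+)*` and `(\.[a-zA-Z0-9\-]+)*`, and `$EMAIL_RE` embeds `$EMAIL_USER_RE`, so any caller that interpolates them into a larger regex gets its own capture numbers shifted. The neighbouring `$IPRE` uses `(?:...)`, and doing the same here avoids that. A short comment stating that both patterns are unanchored and that callers must anchor them would also help, as would a remark that `[\w\+\-\~]+` still allows the local part to begin with `-`.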
@@ -1469,23 +1472,27 @@ sub sync_mountpoint {
 # mailto may be a single email string or an array of receivers
 sub sendmail {
     my ($mailto, $subject, $text, $html, $mailfrom, $author) = @_;
-    my $mail_re = qr/[^-a-zA-Z0-9+._@]/;
 
     $mailto = [ $mailto ] if !ref($mailto);
 
+    my $mailto_quoted = [];
     for my $to (@$mailto) {
-	die "illegal character in mailto address\n" if $to =~ $mail_re;
+	die "mailto does not look like a valid email address or username\n"
+	    if $to !~ /^$EMAIL_RE$/ && $to !~ /^$EMAIL_USER_RE$/;
+	push @$mailto_quoted, shellquote($to);
     }
 
     my $rcvrtxt = join (', ', @$mailto);
 
     $mailfrom = $mailfrom || "root";
-    die "illegal character in mailfrom address\n" if $mailfrom =~ $mail_re;
+    die "mailfrom does not look like a valid email address or username\n"
+	    if $mailfrom !~ /^$EMAIL_RE$/ && $mailfrom !~ /^$EMAIL_USER_RE$/;
+    my $mailfrom_quoted = shellquote($mailfrom);
 
     $author = $author // 'Proxmox VE';
 
-    open (MAIL, "|-", "sendmail", "-B", "8BITMIME", "-f", $mailfrom, "--", @$mailto) ||
-	die "unable to open 'sendmail' - $!";
+    open (MAIL, "|-", "sendmail", "-B", "8BITMIME", "-f", $mailfrom_quoted,
+	"--", @$mailto_quoted) || die "unable to open 'sendmail' - $!";
 
     my $date = time2str('%a, %d %b %Y %H:%M:%S %z', time());
 
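Review bot: in the `open (MAIL, "|-", "sendmail", ...)` call the command is passed as a list, so Perl executes sendmail directly without a shell and every element reaches it unchanged as one argv entry. Passing `$mailfrom_quoted` and `@$mailto_quoted` therefore means that any quote characters shellquote adds (the '~' case named in the commit message) arrive at sendmail as part of the address instead of being removed by a shell. With the new regex check in place, consider passing the validated `$mailfrom` and `@$mailto` as before, or add a comment explaining why quoting is wanted for a list-form open.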
-- 
2.20.1






Thread overview: 15+ messages
2021-02-15 12:24 [pve-devel] [PATCH-SERIES v2] loosen up mailto regex for backwards compatibility Fabian Ebner
2021-02-15 12:24 ` Fabian Ebner [this message]
2021-02-18 11:54   ` [pve-devel] applied: [PATCH v2 common 1/8] sendmail: use more complete email regex and shellquote Thomas Lamprecht
2021-02-15 12:24 ` [pve-devel] [PATCH v2 common 2/8] register email-or-username format Fabian Ebner
2021-02-18 11:54   ` [pve-devel] applied: " Thomas Lamprecht
2021-02-15 12:24 ` [pve-devel] [PATCH v2 guest-common 3/8] vzdump: command line: refactor handling prune-backups Fabian Ebner
2021-02-15 12:24 ` [pve-devel] [PATCH v2 guest-common 4/8] vzdump: command line: make sure mailto is comma-separated Fabian Ebner
2021-02-15 12:24 ` [pve-devel] [PATCH v2 guest-common 5/8] vzdump: mailto: use email-or-username-list format Fabian Ebner
2021-02-15 12:25 ` [pve-devel] [PATCH v2 manager 6/8] vzdump: refactor parsing mailto so it can be mocked Fabian Ebner
2021-02-15 12:25 ` [pve-devel] [PATCH v2 manager 7/8] test: vzdump: add tests for mailto Fabian Ebner
2021-02-15 12:25 ` [pve-devel] [PATCH v2 manager 8/8] test: vzdump: rename vzdump_new_retention_test.pl to vzdump_new_test.pl Fabian Ebner
2021-02-17  9:52 ` [pve-devel] [PATCH-SERIES v2] loosen up mailto regex for backwards compatibility Dominik Csapak
2021-02-17 10:35   ` Fabian Ebner
2021-02-17 11:42     ` Fabian Ebner
2021-02-19 15:36 ` [pve-devel] applied: " Thomas Lamprecht
