fix: replace regex email validation with email-validator
Swap the hand-rolled regex for the email-validator library, which handles RFC 5322 edge cases correctly. check_deliverability=False skips DNS lookups (not viable on an intranet). A blank email still passes — only a non-empty, malformed address triggers the error.
@@ -1,8 +1,8 @@
|
|||||||
from flask import Flask, render_template, request, redirect, url_for, jsonify, abort
|
from flask import Flask, render_template, request, redirect, url_for, jsonify, abort
|
||||||
from flask_limiter import Limiter
|
from flask_limiter import Limiter
|
||||||
from flask_limiter.util import get_remote_address
|
from flask_limiter.util import get_remote_address
|
||||||
|
from email_validator import validate_email, EmailNotValidError
|
||||||
import sqlite3
|
import sqlite3
|
||||||
import re
|
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
|
|
||||||
@@ -67,9 +67,11 @@ def init_db():
|
|||||||
logger.info("Database initialized.")
|
logger.info("Database initialized.")
|
||||||
|
|
||||||
def is_valid_email(email):
|
def is_valid_email(email):
|
||||||
# TODO: This regex allows edge cases like consecutive dots and leading/trailing hyphens. Consider using the `email-validator` package.
|
try:
|
||||||
pattern = r'^[\w\.-]+@[\w\.-]+\.\w+$'
|
validate_email(email, check_deliverability=False)
|
||||||
return re.match(pattern, email)
|
return True
|
||||||
|
except EmailNotValidError:
|
||||||
|
return False
|
||||||
|
|
||||||
with app.app_context():
|
with app.app_context():
|
||||||
init_db()
|
init_db()
|
||||||
|
|||||||
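Review bot: The new is_valid_email in the second hunk has no docstring, so the scope the commit message records — syntax-only validation with DNS deliverability deliberately skipped because the kiosk runs on an intranet — is invisible to the next reader of the function; add `"""Return True if *email* is syntactically valid (RFC 5322 rules via email-validator).` / `Deliverability (DNS) is intentionally not checked: the kiosk runs on an intranet.` / `Blank input is not accepted here; a caller that allows an empty field must test for it first."""`. The first hunk drops `import re`; confirm that no other `re.` use survives elsewhere in the module (outside these hunks), since that would only surface as a NameError at request time. Note also that validate_email raises something other than EmailNotValidError for a non-str argument such as a missing form field (`None`), so the except branch does not cover it — the regex version had the same gap, so the guard belongs at the call site if `None` can reach this function. The "blank email still passes" behaviour described in the commit message is presumably enforced by the caller outside the hunk, since validate_email rejects an empty string.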
@@ -1,4 +1,5 @@
|
|||||||
Flask>=3.1.3
|
Flask>=3.1.3
|
||||||
Werkzeug>=3.0.6
|
Werkzeug>=3.0.6
|
||||||
Flask-Limiter>=3.0
|
Flask-Limiter>=3.0
|
||||||
|
email-validator>=2.0
|
||||||
gunicorn
|
gunicorn
|
||||||