diff src/get_password.html.luan @ 15:a6e72cd199f1

email security
author Franklin Schmidt <fschmidt@gmail.com>
date Sun, 01 Oct 2023 19:53:46 -0600
parents 46f6b69e8b10
children b14073ab9d07
--- a/src/get_password.html.luan	Thu Jul 28 16:28:27 2022 +0300
+++ b/src/get_password.html.luan	Sun Oct 01 19:53:46 2023 -0600
@@ -1,5 +1,7 @@
 local Luan = require "luan:Luan.luan"
 local error = Luan.error
+local String = require "luan:String.luan"
+local matches = String.matches or error()
 local Io = require "luan:Io.luan"
 local output_of = Io.output_of or error()
 local Http = require "luan:http/Http.luan"
@@ -16,6 +18,7 @@
 local send_mail = config.mail_info and Mail.sender(config.mail_info).send
 
 local function handle(email)
+	matches( email, [[^(\w[-+~.\w]*)@[-\w]+(\\.[-\w]+)*\.[a-zA-Z]+$]] ) or error "invalid email"
 	local change = Http.request.parameters.change ~= nil
 	local password = config.users[email]
 	if password == nil or change then
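Review bot: In the pattern added at the top of `handle`, the subdomain group is written `(\\.[-\w]+)*`; inside a `[[...]]` long string backslashes are not escapes (assuming Luan follows Lua here), so the regex engine sees an escaped backslash followed by any character rather than a literal dot. As written, an address with more than two domain labels, such as `user@mail.example.com`, looks like it will be rejected, while a domain containing a backslash is accepted; the intended group is probably `(\.[-\w]+)*`. Separately, if `matches` has java.util.regex semantics, `$` also matches just before a final line terminator, so an address ending in a newline would pass the check; `\z` anchors at the true end of input, which matters if the value is later placed in a mail header. The body of `handle` continues past the end of this hunk, so how `email` is used after the check is not visible here.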