address: attempt to handle comments somewhat

They're uncommon, fortunately, but we make no attempt to
handle nested comments (which would open us up to things
like CVE-2015-7686) or use the comment in place of a
missing name.

diff --git a/lib/PublicInbox/Address.pm b/lib/PublicInbox/Address.pm
index e17d0b574ec9337cc57f735ee3def5cedff10495..2c0bb040e785ddaa0cb2e9ad01394b06f11dc005 100644 (file)
--- a/lib/PublicInbox/Address.pm
+++ b/lib/PublicInbox/Address.pm
@@ -7,7 +7,9 @@ use warnings;
 # very loose regexes, here.  We don't need RFC-compliance,
 # just enough to make thing sanely displayable and pass to git
 
-sub emails { ($_[0] =~ /([\w\.\+=\-]+\@[\w\.\-]+)>?\s*(?:,\s*|\z)/g) }
+sub emails {
+       ($_[0] =~ /([\w\.\+=\-]+\@[\w\.\-]+)>?\s*(?:\(.*?\))?(?:,\s*|\z)/g)
+}
 
 sub names {
        map {
@@ -19,7 +21,7 @@ sub names {
                $e = $_ =~ /\S/ ? $_ : $e;
                $e =~ s/\@\S+\z//;
                $e;
-       } split(/\@+[\w\.\-]+>?\s*(?:,\s*|\z)/, $_[0]);
+       } split(/\@+[\w\.\-]+>?\s*(?:\(.*?\))?(?:,\s*|\z)/, $_[0]);
 }
 
 1;

diff --git a/t/address.t b/t/address.t
index 3191fed01013d030eae2a3e2761cc6cff9201f64..287fcfa05406672ed25df82e6c11f83f2766dc7c 100644 (file)
--- a/t/address.t
+++ b/t/address.t
@@ -20,4 +20,13 @@ is_deeply(['User', 'e', 'John A. Doe', 'x'], \@names,
 @names = PublicInbox::Address::names('"user@example.com" <user@example.com>');
 is_deeply(['user'], \@names, 'address-as-name extraction works as expected');
 
+
+{
+       my $backwards = 'u@example.com (John Q. Public)';
+       @names = PublicInbox::Address::names($backwards);
+       is_deeply(\@names, ['u'], 'backwards name OK');
+       my @emails = PublicInbox::Address::emails($backwards);
+       is_deeply(\@emails, ['u@example.com'], 'backwards emails OK');
+}
+
 done_testing;