From acac0cfb3afa26fd6556aa9f835869febcda97d8 Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Wed, 6 Jul 2016 00:36:59 +0000 Subject: [PATCH] address: attempt to handle comments somewhat They're uncommon, fortunately, but we make no attempt to handle nested comments (which would open us up to things like CVE-2015-7686) or use the comment in place of a missing name. --- lib/PublicInbox/Address.pm | 6 ++++-- t/address.t | 9 +++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/lib/PublicInbox/Address.pm b/lib/PublicInbox/Address.pm index e17d0b57..2c0bb040 100644 --- a/lib/PublicInbox/Address.pm +++ b/lib/PublicInbox/Address.pm @@ -7,7 +7,9 @@ use warnings; # very loose regexes, here. We don't need RFC-compliance, # just enough to make thing sanely displayable and pass to git -sub emails { ($_[0] =~ /([\w\.\+=\-]+\@[\w\.\-]+)>?\s*(?:,\s*|\z)/g) } +sub emails { + ($_[0] =~ /([\w\.\+=\-]+\@[\w\.\-]+)>?\s*(?:\(.*?\))?(?:,\s*|\z)/g) +} sub names { map { @@ -19,7 +21,7 @@ sub names { $e = $_ =~ /\S/ ? $_ : $e; $e =~ s/\@\S+\z//; $e; - } split(/\@+[\w\.\-]+>?\s*(?:,\s*|\z)/, $_[0]); + } split(/\@+[\w\.\-]+>?\s*(?:\(.*?\))?(?:,\s*|\z)/, $_[0]); } 1; diff --git a/t/address.t b/t/address.t index 3191fed0..287fcfa0 100644 --- a/t/address.t +++ b/t/address.t @@ -20,4 +20,13 @@ is_deeply(['User', 'e', 'John A. Doe', 'x'], \@names, @names = PublicInbox::Address::names('"user@example.com" '); is_deeply(['user'], \@names, 'address-as-name extraction works as expected'); + +{ + my $backwards = 'u@example.com (John Q. Public)'; + @names = PublicInbox::Address::names($backwards); + is_deeply(\@names, ['u'], 'backwards name OK'); + my @emails = PublicInbox::Address::emails($backwards); + is_deeply(\@emails, ['u@example.com'], 'backwards emails OK'); +} + done_testing; -- 2.44.0