From acac0cfb3afa26fd6556aa9f835869febcda97d8 Mon Sep 17 00:00:00 2001
From: Eric Wong <e@80x24.org>
Date: Wed, 6 Jul 2016 00:36:59 +0000
Subject: [PATCH] address: attempt to handle comments somewhat

They're uncommon, fortunately, but we make no attempt to
handle nested comments (which would open us up to things
like CVE-2015-7686) or use the comment in place of a
missing name.
---
 lib/PublicInbox/Address.pm | 6 ++++--
 t/address.t                | 9 +++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/lib/PublicInbox/Address.pm b/lib/PublicInbox/Address.pm
index e17d0b57..2c0bb040 100644
--- a/lib/PublicInbox/Address.pm
+++ b/lib/PublicInbox/Address.pm
@@ -7,7 +7,9 @@ use warnings;
 # very loose regexes, here.  We don't need RFC-compliance,
 # just enough to make thing sanely displayable and pass to git
 
-sub emails { ($_[0] =~ /([\w\.\+=\-]+\@[\w\.\-]+)>?\s*(?:,\s*|\z)/g) }
+sub emails {
+	($_[0] =~ /([\w\.\+=\-]+\@[\w\.\-]+)>?\s*(?:\(.*?\))?(?:,\s*|\z)/g)
+}
 
 sub names {
 	map {
@@ -19,7 +21,7 @@ sub names {
 		$e = $_ =~ /\S/ ? $_ : $e;
 		$e =~ s/\@\S+\z//;
 		$e;
-	} split(/\@+[\w\.\-]+>?\s*(?:,\s*|\z)/, $_[0]);
+	} split(/\@+[\w\.\-]+>?\s*(?:\(.*?\))?(?:,\s*|\z)/, $_[0]);
 }
 
 1;
diff --git a/t/address.t b/t/address.t
index 3191fed0..287fcfa0 100644
--- a/t/address.t
+++ b/t/address.t
@@ -20,4 +20,13 @@ is_deeply(['User', 'e', 'John A. Doe', 'x'], \@names,
 @names = PublicInbox::Address::names('"user@example.com" <user@example.com>');
 is_deeply(['user'], \@names, 'address-as-name extraction works as expected');
 
+
+{
+	my $backwards = 'u@example.com (John Q. Public)';
+	@names = PublicInbox::Address::names($backwards);
+	is_deeply(\@names, ['u'], 'backwards name OK');
+	my @emails = PublicInbox::Address::emails($backwards);
+	is_deeply(\@emails, ['u@example.com'], 'backwards emails OK');
+}
+
 done_testing;
-- 
2.51.0