mirror of
https://codeberg.org/forgejo-aneksajo/forgejo-aneksajo.git
synced 2025-10-01 20:00:05 +02:00
1bc42842ba
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/9074 When registering with an email account including a comment (e.g. `me@example.com (a comment here)`), the comment is removed from the email address. It was possible to include an email address in the comment to bypass the block list. For instance if registering with `me@evilcorp.com (me@example.com)` the mail would incorrectly be verified against the block list using the comment instead of `@evilcorp.com`. This is a regression introduced in Forgejo v12. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Security bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/9074): <!--number 9074 --><!--line 0 --><!--description ZW1haWwgY29tbWVudHMgYXJlIHJlbW92ZWQgZnJvbSBlbWFpbCBhZGRyZXNzZXM=-->email comments are removed from email addresses<!--description--> <!--end release-notes-assistant--> Co-authored-by: famfo <famfo@famfo.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9083 Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> |
||
|---|---|---|
| .. | ||
| 2fa.go | ||
| auth.go | ||
| auth_test.go | ||
| linkaccount.go | ||
| main_test.go | ||
| oauth.go | ||
| oauth_test.go | ||
| openid.go | ||
| password.go | ||
| webauthn.go | ||