From 4ea44fe7836c0e54dc7af5f76091a3e735e9fd4f Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Fri, 16 Dec 2005 12:59:22 +0000
Subject: [PATCH] - Patch #41198 by matt/dopry: made the contact module
 validate the recipients' e-mail addresses.

---
 modules/contact.module         | 12 ++++++++++++
 modules/contact/contact.module | 12 ++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/modules/contact.module b/modules/contact.module
index 02798a8e4ced..70d680504f5d 100644
--- a/modules/contact.module
+++ b/modules/contact.module
@@ -188,6 +188,14 @@ function contact_admin_edit($cid = NULL) {
     if (empty($edit['recipients'])) {
       form_set_error('recipients', t('You must enter one or more recipients.'));
     }
+    else {
+      $recipients = split(',', $edit['recipients']);
+      foreach($recipients as $recipient) {
+        if (!valid_email_address(trim($recipient))) {
+          form_set_error('recipients',t('%recipient is an invalid e-mail address.', array('%recipient' => theme('placeholder', $recipient))));
+        }
+      }
+    }
 
     if (!form_get_errors()) {
       db_query("DELETE FROM {contact} WHERE cid = %d", $cid);
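Review bot: The new loop in contact_admin_edit validates `trim($recipient)`, but nothing in the hunk normalises `$edit['recipients']` itself, so the list saved once `form_get_errors()` is empty may still be the untrimmed input; consider rebuilding the value from the trimmed entries before it is stored. A trailing or doubled comma produces an empty entry, which is then reported as an invalid address with an empty placeholder, so empty entries should be skipped or given their own message. `split()` treats its first argument as a regular expression; for a literal comma `explode(',', $edit['recipients'])` is the plainer call. The function body starts and ends outside the hunk, and the identical hunk for modules/contact/contact.module has the same points.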
@@ -298,6 +306,10 @@ function contact_mail_page_validate($form_id, &$form) {
     else {
       form_set_error('category', t('You must select a valid category.'));
     }
+
+    if (!valid_email_address($form['mail'])) {
+      form_set_error('mail', t('You must enter a valid e-mail address.'));
+    }
   }
 }
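Review bot: `$form['mail']` is passed to `valid_email_address()` exactly as submitted, while the recipients check in contact_admin_edit trims each address first; `valid_email_address(trim($form['mail']))`, with the trimmed value also used downstream, would make the two checks consistent. This value presumably ends up in the headers of the outgoing message, so it is worth confirming outside this hunk that `valid_email_address()` rejects embedded CR/LF characters, because no other validation of the field is visible here. The check sits inside a conditional that opens outside the hunk, so it runs only when that condition holds. The identical hunk for modules/contact/contact.module has the same points.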
 
diff --git a/modules/contact/contact.module b/modules/contact/contact.module
index 02798a8e4ced..70d680504f5d 100644
--- a/modules/contact/contact.module
+++ b/modules/contact/contact.module
@@ -188,6 +188,14 @@ function contact_admin_edit($cid = NULL) {
     if (empty($edit['recipients'])) {
       form_set_error('recipients', t('You must enter one or more recipients.'));
     }
+    else {
+      $recipients = split(',', $edit['recipients']);
+      foreach($recipients as $recipient) {
+        if (!valid_email_address(trim($recipient))) {
+          form_set_error('recipients',t('%recipient is an invalid e-mail address.', array('%recipient' => theme('placeholder', $recipient))));
+        }
+      }
+    }
 
     if (!form_get_errors()) {
       db_query("DELETE FROM {contact} WHERE cid = %d", $cid);
@@ -298,6 +306,10 @@ function contact_mail_page_validate($form_id, &$form) {
     else {
       form_set_error('category', t('You must select a valid category.'));
     }
+
+    if (!valid_email_address($form['mail'])) {
+      form_set_error('mail', t('You must enter a valid e-mail address.'));
+    }
   }
 }
 
-- 
GitLab