TODO für potentielle SQL-Injection

2024-12-13 10:09:58 +01:00 · 2024-12-13 10:09:58 +01:00 · 0ebaec6908
commit 0ebaec6908
parent a0560d2bfd
1 changed files with 1 additions and 0 deletions
--- a/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepository.java
+++ b/src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactRbacRepository.java
@ -35,6 +35,7 @@ public interface HsOfficeContactRbacRepository extends Repository<HsOfficeContac
    }

    static String emailRegEx(@NotNull String emailAddress) {
+        // TODO.impl: find more secure solution, maybe we substitute a placeholder with the whole expression?
        if (emailAddress.contains("'") || emailAddress.endsWith("\\") ) {
            throw new ValidationException(
                    "emailAddress contains invalid characters: " + emailAddress);