add " to "emailAddressRegEx validation

This commit is contained in:
Michael Hoennig 2024-12-13 10:11:00 +01:00
parent 0ebaec6908
commit 26c9780417

View File

@ -36,9 +36,9 @@ public interface HsOfficeContactRbacRepository extends Repository<HsOfficeContac
static String emailRegEx(@NotNull String emailAddress) { static String emailRegEx(@NotNull String emailAddress) {
// TODO.impl: find more secure solution, maybe we substitute a placeholder with the whole expression? // TODO.impl: find more secure solution, maybe we substitute a placeholder with the whole expression?
if (emailAddress.contains("'") || emailAddress.endsWith("\\") ) { if (emailAddress.contains("'") || emailAddress.contains("\"") || emailAddress.endsWith("\\") ) {
throw new ValidationException( throw new ValidationException(
"emailAddress contains invalid characters: " + emailAddress); "emailAddressRegEx contains invalid characters: " + emailAddress);
} }
return emailAddress.replace("%", ".*"); // the JSON-matcher in PostgreSQL needs a wildcard return emailAddress.replace("%", ".*"); // the JSON-matcher in PostgreSQL needs a wildcard
} }