Fix potential security issue by validating the email structure

app/controller/campaign.php

@@ -4,6 +4,7 @@ namespace Controller;
 use LQDN\Command\UserUpdateTotalCommand;
 use LQDN\Command\UserCreateCommand;
 use LQDN\Command\DonationCreateCommand;
+use LQDN\Exception\InvalidEmailException;
 
 class Campaign extends Controller
 {
@@ -122,8 +123,13 @@ class Campaign extends Controller
                 $cumul_id = $user['cumul'];
             } else {
                 // The user does not exist, so let's create it
-                $result = $db->query("INSERT INTO users (pseudo, email, hash)
-					VALUES ('".$f3->get('pseudo')."', '$email', '$hash')");
+                try {
+                    $f3->get('container')['command_handler']->handle(new UserCreateCommand($email, $hash, $f3->get('pseudo'), 0, 0));
+                } catch (InvalidEmailException $e) {
+                    $f3->set("error", _("Email Invalide"));
+                    $f3->error("403");
+                }
+
                 $user_id = $db->lastInsertId();
             }
         }

src/LQDN/Exception/InvalidEmailException.php

+<?php
+
+namespace LQDN\Exception;
+
+class InvalidEmailException extends \RuntimeException
+{
+}

src/LQDN/Handler/UserHandler.php

@@ -8,6 +8,14 @@ use LQDN\Command\UserUpdateTotalCommand;
 use LQDN\Command\UserUpdateCumulCommand;
 use LQDN\Command\UserCreateCommand;
 use LQDN\Command\AdminUpdateTotalUsersCommand;
+use LQDN\Exception\InvalidEmailException;
+
+function checkEmail($email)
+{
+    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+        throw new InvalidEmailException();
+    }
+}
 
 class UserHandler
 {
@@ -25,6 +33,7 @@ class UserHandler
      */
     public function handleUserUpdateByAdminCommand(UserUpdateByAdminCommand $command)
     {
+        checkEmail($command->getEmail());
         $this->connection->executeUpdate('UPDATE users SET pseudo = :username, email = :email, commentaire = :comment, cumul = :cumul, total = :total WHERE id = :id', [
             'username' => $command->getUsername(),
             'email' => $command->getEmail(),
@@ -42,6 +51,7 @@ class UserHandler
      */
     public function handleUserCreateCommand(UserCreateCommand $command)
     {
+        checkEmail($command->getEmail());
         $this->connection->executeUpdate('INSERT INTO users(email, hash, pseudo, total, cumul) VALUES (:email, :hash, :pseudo, :total, :cumul)', [
             'email'=> $command->getEmail(),
             'hash'=> $command->getHash(),