From cd2461a77e6ba503acb39fb03f501e28a8eba467 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20Oudin?= <oudin@crans.org>
Date: Mon, 14 Oct 2019 23:07:43 +0200
Subject: [PATCH] Fix potential security issue by validating the email structure

---
 app/controller/campaign.php | 10 ++++++++--
 src/LQDN/Exception/InvalidEmailException.php | 7 +++++++
 src/LQDN/Handler/UserHandler.php | 10 ++++++++++
 3 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 src/LQDN/Exception/InvalidEmailException.php

diff --git a/app/controller/campaign.php b/app/controller/campaign.php
index 87508aa..353deda 100644
--- a/app/controller/campaign.php
+++ b/app/controller/campaign.php
@@ -4,6 +4,7 @@ namespace Controller;
 use LQDN\Command\UserUpdateTotalCommand;
 use LQDN\Command\UserCreateCommand;
 use LQDN\Command\DonationCreateCommand;
+use LQDN\Exception\InvalidEmailException;
 class Campaign extends Controller
 {
@@ -122,8 +123,13 @@ class Campaign extends Controller
             $cumul_id = $user['cumul'];
         } else {
             // The user does not exist, so let's create it
-            $result = $db->query("INSERT INTO users (pseudo, email, hash)
-                VALUES ('".$f3->get('pseudo')."', '$email', '$hash')");
+            try {
+                $f3->get('container')['command_handler']->handle(new UserCreateCommand($email, $hash, $f3->get('pseudo'), 0, 0));
+            } catch (InvalidEmailException $e) {
+                $f3->set("error", _("Email Invalide"));
+                $f3->error("403");
+            }
+
             $user_id = $db->lastInsertId();
         }
     }
diff --git a/src/LQDN/Exception/InvalidEmailException.php b/src/LQDN/Exception/InvalidEmailException.php
new file mode 100644
index 0000000..d24191a
--- /dev/null
+++ b/src/LQDN/Exception/InvalidEmailException.php
@@ -0,0 +1,7 @@
+<?php
+
+namespace LQDN\Exception;
+
+class InvalidEmailException extends \RuntimeException
+{
+}
diff --git a/src/LQDN/Handler/UserHandler.php b/src/LQDN/Handler/UserHandler.php
index 0ae0a0d..8dd237b 100644
--- a/src/LQDN/Handler/UserHandler.php
+++ b/src/LQDN/Handler/UserHandler.php
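Review bot: In the second campaign.php hunk, `$user_id = $db->lastInsertId();` still reads the new row's id from the controller's `$db` handle, but the INSERT now runs through the command handler's own `$this->connection->executeUpdate(...)`; unless that DBAL connection wraps the same PDO handle as `$db` (not visible here), `lastInsertId()` will not return the id of the row the handler just inserted, a regression the old inline query did not have. The catch branch also falls through to that same line: if `$f3->error("403")` returns rather than halting (this depends on the framework's HALT setting, which this diff does not show), execution continues with no user created, so add `return;` after `$f3->error("403");`. A malformed email address is a client-side input error rather than a permission failure, so `$f3->error("400")` describes the condition more accurately than 403. The enclosing method starts and ends outside the hunk.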
@@ -8,6 +8,14 @@ use LQDN\Command\UserUpdateTotalCommand;
 use LQDN\Command\UserUpdateCumulCommand;
 use LQDN\Command\UserCreateCommand;
 use LQDN\Command\AdminUpdateTotalUsersCommand;
+use LQDN\Exception\InvalidEmailException;
+
+function checkEmail($email)
+{
+    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+        throw new InvalidEmailException();
+    }
+}
 class UserHandler
 {
@@ -25,6 +33,7 @@ class UserHandler
      */
     public function handleUserUpdateByAdminCommand(UserUpdateByAdminCommand $command)
     {
+        checkEmail($command->getEmail());
         $this->connection->executeUpdate('UPDATE users SET pseudo = :username, email = :email, commentaire = :comment, cumul = :cumul, total = :total WHERE id = :id', [
             'username' => $command->getUsername(),
             'email' => $command->getEmail(),
@@ -42,6 +51,7 @@ class UserHandler
      */
     public function handleUserCreateCommand(UserCreateCommand $command)
     {
+        checkEmail($command->getEmail());
         $this->connection->executeUpdate('INSERT INTO users(email, hash, pseudo, total, cumul) VALUES (:email, :hash, :pseudo, :total, :cumul)', [
             'email'=> $command->getEmail(),
             'hash'=> $command->getHash(),
-- 
GitLab
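Review bot: `checkEmail()` in the first hunk is a free function declared at file scope inside the `LQDN\Handler` namespace, so it only exists once UserHandler.php has been autoloaded and any other file in that namespace declaring the same name will fatal on load; a `private static function checkEmail(string $email): void` on `UserHandler`, called as `self::checkEmail($command->getEmail());` in the two later hunks, avoids both problems and adds the missing types. The validator also throws with no message, so a log of the failure says nothing about which check rejected the input; `throw new InvalidEmailException('email address failed FILTER_VALIDATE_EMAIL');` is enough without echoing the rejected value into logs. `FILTER_VALIDATE_EMAIL` without `FILTER_FLAG_EMAIL_UNICODE` rejects non-ASCII local parts, which is a deliberate restriction worth stating in a comment above the function. Both handler methods in the later hunks continue past the hunk boundary.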