guettli/sharedinbox
1
0
Fork 0
Code Issues 21 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

feat(S2): validate IMAP/SMTP hostnames against injection (#25)

Browse Source
This commit was merged in pull request #25.
This commit is contained in:
Bot of Thomas Güttler
2026-05-13 23:49:30 +02:00
parent a0c35c647a
commit 855f9a3a6d
3 changed files with 33 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/core/utils/host_utils.dart
+18
View File
@@ -2,3 +2,21 @@ bool isLocalhost(String host) {
final h = host.trim().toLowerCase();
return h == 'localhost' || h == '127.0.0.1' || h == '::1';
}
String? validateHostname(String? value) {
if (value == null || value.trim().isEmpty) return 'Required';
return _checkHostChars(value.trim());
}
String? validateOptionalHostname(String? value) {
if (value == null || value.trim().isEmpty) return null;
return _checkHostChars(value.trim());
}
String? _checkHostChars(String h) {
if (h.contains(RegExp(r'[@/\\]')) ||
h.codeUnits.any((c) => c < 32 || c == 127)) {
return 'Invalid hostname';
}
return null;
}