From e00442b9da6fc622a70919375ea310b66caf89b0 Mon Sep 17 00:00:00 2001
From: Jonas Leder
Date: Tue, 5 Jul 2022 12:25:12 +0200
Subject: [PATCH] validate email address format
---
 public/API/queries/comments.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/public/API/queries/comments.php b/public/API/queries/comments.php
index de1f3c4..d474f78 100644
--- a/public/API/queries/comments.php
+++ b/public/API/queries/comments.php
@@ -51,6 +51,10 @@ function newComment($conn, $article, $name, $email, $comment, $hCaptchaResponse)
 return "Failed to verify Captcha";
 }
 
+ if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+ return "Invalid email address.";
+ }
+
 $article = $conn->escape_string($article);
 $name = $conn->escape_string($name);
 $email = $conn->escape_string($email);
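Review bot: The added `filter_var($email, FILTER_VALIDATE_EMAIL)` check only validates format, so a passing `$email` is still untrusted for the SQL that follows and for any later HTML output. Syntactically valid addresses can carry a single quote in the local part (a constructed sample: `o'neil@example.com`). The `escape_string` calls in the trailing context suggest the query is assembled by string concatenation, though the statement itself is outside this hunk. If that is the case, moving the insert to `$conn->prepare(...)` with `bind_param` would remove the dependence on every field being escaped by hand. A one-line comment above the check, such as `// Format check only; $email is still untrusted for SQL and HTML contexts.`, would help keep a later edit from dropping the escaping. The body of `newComment` starts and ends outside the hunk.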