Double check emails.
authorSteve Sutton <steve@gaslightmedia.com>
Mon, 5 Dec 2016 21:00:07 +0000 (16:00 -0500)
committerSteve Sutton <steve@gaslightmedia.com>
Mon, 5 Dec 2016 21:00:07 +0000 (16:00 -0500)
Check email for valid email by using php filter_var.
Check each email for the admin by exploding the string by commas.

classes/helper/notification.php

index 85c7ae3..e416709 100644 (file)
@@ -93,6 +93,10 @@ class GlmMembersAdmin_event_notification extends GlmDataMembers
         if ( !$notify_to ) {
             return false;
         }
+        $validEmail = filter_var( $notify_to, FILTER_VALIDATE_EMAIL );
+        if ( !$validEmail ) {
+            return false;
+        }
 
         $memberInfoData = new GlmDataMemberInfo( $this->wpdb, $this->config );
         $memberInfo     = $memberInfoData->getActiveInfoForMember( $memberId );
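Review bot: The new check rejects a recipient that carries surrounding whitespace, because `FILTER_VALIDATE_EMAIL` does not trim and a stored admin value such as `"admin@example.com "` fails the filter; validating `trim( $notify_to )` instead avoids the silent `return false` for an otherwise valid address. The check is worth keeping regardless, since an address containing CR/LF cannot pass the filter, which is what protects the later mail headers from injection; a one-line comment saying so, `// Reject malformed addresses (also blocks CR/LF header injection)`, would make that intent clear to the next maintainer. The function whose body this hunk sits in starts and ends outside the hunk, so I cannot tell whether the failure is logged anywhere; a `false` return with no log makes a misconfigured recipient hard to diagnose.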
@@ -155,6 +159,14 @@ class GlmMembersAdmin_event_notification extends GlmDataMembers
         if ( !$notify_to ) {
             return false;
         }
+        // Double check the email for valid address
+        $emails = explode( ',', $notify_to );
+        foreach ( $emails as $email ) {
+            $validEmail = filter_var( $email, FILTER_VALIDATE_EMAIL );
+            if ( !$validEmail ) {
+                return false;
+            }
+        }
 
         // Setup the Smarty Engine
         $smarty   = new smartyTemplateSupport();
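Review bot: The comma split at `explode( ',', $notify_to )` leaves the space after each comma in the next element, so a list written as `a@example.com, b@example.com` makes the loop fail on `" b@example.com"` and the whole notification is dropped with `return false`; a trailing comma has the same effect via an empty element. Trimming and discarding empties before validating, `$emails = array_filter( array_map( 'trim', explode( ',', $notify_to ) ) );`, keeps the check strict on content while accepting the formatting an admin is likely to type. It is also worth noting in a comment that this filter is what prevents CR/LF from reaching the mail headers, since that is the security reason for the check rather than mere tidiness. The enclosing method starts before this hunk and continues past it, so I cannot see whether the original `$notify_to` string or the validated values are used when the message is sent.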