From: Steve Sutton
Date: Mon, 5 Dec 2016 21:00:07 +0000 (-0500)
Subject: Double check emails.
X-Git-Tag: v1.5.8^2~2
X-Git-Url: http://cvs2.gaslightmedia.com/gitweb/?a=commitdiff_plain;h=06b5e82df9e73dc2c139f11e3fda35a72fd146c2;p=WP-Plugins%2Fglm-member-db-events.git

Double check emails. Check email for valid email by using php filter_var. Check each email for the admin by exploding the string by commas.
---
diff --git a/classes/helper/notification.php b/classes/helper/notification.php
index 85c7ae3..e416709 100644
--- a/classes/helper/notification.php
+++ b/classes/helper/notification.php
@@ -93,6 +93,10 @@ class GlmMembersAdmin_event_notification extends GlmDataMembers
 if ( !$notify_to ) {
 return false;
 }
+ $validEmail = filter_var( $notify_to, FILTER_VALIDATE_EMAIL );
+ if ( !$validEmail ) {
+ return false;
+ }
 $memberInfoData = new GlmDataMemberInfo( $this->wpdb, $this->config );
 $memberInfo = $memberInfoData->getActiveInfoForMember( $memberId );
@@ -155,6 +159,14 @@ class GlmMembersAdmin_event_notification extends GlmDataMembers
 if ( !$notify_to ) {
 return false;
 }
+ // Double check the email for valid address
+ $emails = explode( ',', $notify_to );
+ foreach ( $emails as $email ) {
+ $validEmail = filter_var( $email, FILTER_VALIDATE_EMAIL );
+ if ( !$validEmail ) {
+ return false;
+ }
+ }
 // Setup the Smarty Engine
 $smarty = new smartyTemplateSupport();
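Review bot: The new `if ( !$validEmail ) { return false; }` in the first hunk drops the notification silently, with the same `false` the existing `!$notify_to` check returns, so a caller cannot tell a malformed address from a missing one. Log the rejection before returning, for example `error_log( 'Event notification skipped: notify_to failed FILTER_VALIDATE_EMAIL' );`, so that a stored address with a typo or stray whitespace shows up in operations instead of as mail that never arrives. The same silent return is added in the second hunk's loop. The enclosing method starts and ends outside the hunk, so how callers treat the `false` is not visible here.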
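Review bot: In the second hunk each piece from `explode( ',', $notify_to )` goes to `filter_var()` untrimmed, so a list written as `a@example.org, b@example.org` (constructed sample) fails on the second entry because of the leading space. The method then returns `false` and no admin is notified, even though every address is valid. Trim before validating: `$validEmail = filter_var( trim( $email ), FILTER_VALIDATE_EMAIL );`. The loop only checks the pieces, and the original `$notify_to` string is presumably what is later handed to the mailer outside this hunk. If that string ends up in mail headers, it is the per-address check that keeps CR/LF out, so a comment saying so above the loop would help the next maintainer.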