From 06b5e82df9e73dc2c139f11e3fda35a72fd146c2 Mon Sep 17 00:00:00 2001
From: Steve Sutton
Date: Mon, 5 Dec 2016 16:00:07 -0500
Subject: [PATCH] Double check emails.

Check email for valid email by using php filter_var. Check each email for the admin by exploding the string by commas.
---
 classes/helper/notification.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/classes/helper/notification.php b/classes/helper/notification.php
index 85c7ae3..e416709 100644
--- a/classes/helper/notification.php
+++ b/classes/helper/notification.php
@@ -93,6 +93,10 @@ class GlmMembersAdmin_event_notification extends GlmDataMembers
         if ( !$notify_to ) {
             return false;
         }
+        $validEmail = filter_var( $notify_to, FILTER_VALIDATE_EMAIL );
+        if ( !$validEmail ) {
+            return false;
+        }
         $memberInfoData = new GlmDataMemberInfo( $this->wpdb, $this->config );
         $memberInfo = $memberInfoData->getActiveInfoForMember( $memberId );
 
@@ -155,6 +159,14 @@ class GlmMembersAdmin_event_notification extends GlmDataMembers
         if ( !$notify_to ) {
             return false;
         }
+        // Double check the email for valid address
+        $emails = explode( ',', $notify_to );
+        foreach ( $emails as $email ) {
+            $validEmail = filter_var( $email, FILTER_VALIDATE_EMAIL );
+            if ( !$validEmail ) {
+                return false;
+            }
+        }
 
         // Setup the Smarty Engine
         $smarty = new smartyTemplateSupport();
-- 
2.17.1
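Review bot: The new `filter_var( $notify_to, FILTER_VALIDATE_EMAIL )` check in the first hunk rejects any address carrying leading or trailing whitespace, because FILTER_VALIDATE_EMAIL does not tolerate it; an address stored as `" user@example.com"` will now silently abort the notification with the same `return false` used for "no recipient". Validate the trimmed value instead, `$validEmail = filter_var( trim( $notify_to ), FILTER_VALIDATE_EMAIL );`, and if the rest of the method keeps using `$notify_to` (its body continues outside the hunk), consider using the trimmed value there too so the address that was validated is the one that is sent to. The same whitespace sensitivity applies to the per-entry check in the second hunk at line 159. Since an invalid address and a missing address now produce an indistinguishable `false`, a short comment stating that the caller cannot tell the two apart, or a log line if the class has one, would help whoever debugs a notification that never arrives.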
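Review bot: In the second hunk, `explode( ',', $notify_to )` produces entries such as `" admin2@example.com"` for the common `"a@example.com, b@example.com"` spelling, and an empty string for a trailing comma; both fail FILTER_VALIDATE_EMAIL, so one cosmetic separator aborts the whole admin notification rather than just the bad entry. Trim each piece before validating, `$emails = array_map( 'trim', explode( ',', $notify_to ) );`, and decide explicitly whether empty pieces are skipped or rejected, e.g. `if ( $email === '' || !filter_var( $email, FILTER_VALIDATE_EMAIL ) ) {` to keep the current reject-all semantics but make it deliberate. The loop also reuses `$validEmail` only as a boolean; `if ( !filter_var( $email, FILTER_VALIDATE_EMAIL ) )` reads more directly. The enclosing method continues past the end of the hunk.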