Commit f8ef491c authored by Michael Gratton's avatar Michael Gratton 🤞

Don't flag a mailbox address without a distinct name as spoofed.

This fixes annoying, albeit legit addresses like "mike@vee.net
<mike@vee.net>" from being flagged.

Followup to commit b7eea857.

* src/engine/rfc822/rfc822-mailbox-address.vala (MailboxAddress): Don't
  test name for spoofyness if it's not distinct. Add unit test.
parent 7073206c
......@@ -298,11 +298,12 @@ public class Geary.RFC822.MailboxAddress :
bool is_spoof = false;
// 1. Check the name part contains no controls and doesn't
// look like an email address
// look like an email address (unless it's the same as the
// address part).
if (!Geary.String.is_empty(this.name)) {
if (Regex.match_simple(CONTROLS, this.name)) {
is_spoof = true;
} else {
} else if (has_distinct_name()) {
// Clean up the name as usual, but remove all
// whitespace so an attack can't get away with a name
// like "potus @ whitehouse . gov"
......
......@@ -156,6 +156,7 @@ class Geary.RFC822.MailboxAddressTest : Gee.TestCase {
assert(new MailboxAddress("test test", "example@example.com").is_spoofed() == false);
assert(new MailboxAddress("test test", "example@example.com").is_spoofed() == false);
assert(new MailboxAddress("test?", "example@example.com").is_spoofed() == false);
assert(new MailboxAddress("test@example.com", "test@example.com").is_spoofed() == false);
assert(new MailboxAddress("test@example.com", "example@example.com").is_spoofed() == true);
assert(new MailboxAddress("test @ example . com", "example@example.com").is_spoofed() == true);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment