avoid phishing

2021-12-15 13:44:12 +01:00 · 2021-12-15 13:44:12 +01:00 · c7f7855f14
commit c7f7855f14
parent 0e7a6f5acf
2 changed files with 23 additions and 1 deletions
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@ -19,7 +19,11 @@ class Users::SessionsController < Devise::SessionsController
  end

  def link_sent
-    @email = params[:email]
+    if Devise.email_regexp.match?(params[:email])
+      @email = params[:email]
+    else
+      redirect_to root_path
+    end
  end

  # DELETE /resource/sign_out