From a44ddff81aacb0f2b9892386ff4c42b9ae6f6902 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Tue, 20 May 2014 14:10:32 +0200
Subject: [PATCH] Validate email format server-side Also cleanup the invite
 action handler

---
 public/vroom.pl | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/public/vroom.pl b/public/vroom.pl
index 8e12911..6394a67 100755
--- a/public/vroom.pl
+++ b/public/vroom.pl
@@ -655,7 +655,12 @@ post '/action' => sub {
   if ($action eq 'invite'){
     my $rcpt    = $self->param('recipient');
     my $message = $self->param('message');
-    $self->email(
+    my $status  = 'error';
+    my $msg     = $self->l('ERROR_OCCURED');
+    if ($rcpt !~ m/\S+@\S+\.\S+$/){
+      $msg = $self->l('ERROR_MAIL_INVALID');
+    }
+    elsif ($self->email(
       header => [
         Subject => encode("MIME-Header", $self->l("EMAIL_INVITATION")),
         To => $rcpt
@@ -665,18 +670,15 @@ post '/action' => sub {
         room     => $room,
         message  => $message
       ],
-    ) ||
-    return $self->render(
-      json => {
-        msg    => $self->l('ERROR_OCCURED'),
-        status => 'error'
-      },
-    );
-    $self->app->log->info($self->session('name') . " sent an invitation for room $room to $rcpt");
+    )){
+      $self->app->log->info($self->session('name') . " sent an invitation for room $room to $rcpt");
+      $status = 'success';
+      $msg = sprintf($self->l('INVITE_SENT_TO_s'), $rcpt);
+    }
     $self->render(
       json => {
-        msg    => sprintf($self->l('INVITE_SENT_TO_s'), $rcpt),
-        status => 'success'
+        msg    => $msg,
+        status => $status
       }
     );
   }