Merge commit from fork

* Disallow some special characters in e-mail addresses

* Add size limit to email columns

app/models/email_subscription.rb

@@ -19,7 +19,7 @@ class EmailSubscription < ApplicationRecord
 
   normalizes :email, with: ->(str) { str.squish.downcase }
 
-  validates :email, presence: true, email_address: true, uniqueness: { scope: :account_id }
+  validates :email, presence: true, email_address: true, length: { maximum: 320 }, uniqueness: { scope: :account_id }
   validates :email, email_mx: true, if: -> { email_changed? && !Rails.env.local? }
 
   scope :confirmed, -> { where.not(confirmed_at: nil) }

app/models/user.rb

@@ -92,7 +92,7 @@ class User < ApplicationRecord
   accepts_nested_attributes_for :invite_request, reject_if: ->(attributes) { attributes['text'].blank? && !Setting.require_invite_text }
   validates :invite_request, presence: true, on: :create, if: :invite_text_required?
 
-  validates :email, presence: true, email_address: true
+  validates :email, presence: true, email_address: true, length: { maximum: 320 }
   validates :email, email_mx: { attempt_ip: :sign_up_ip }, if: :validate_email_dns?
 
   validates_with UserEmailValidator, if: -> { ENV['EMAIL_DOMAIN_LISTS_APPLY_AFTER_CONFIRMATION'] == 'true' || !confirmed? }

app/validators/email_address_validator.rb

@@ -11,8 +11,14 @@ class EmailAddressValidator < ActiveModel::EachValidator
     value = value.strip
 
     address = Mail::Address.new(value)
-    record.errors.add(attribute, :invalid) if address.address != value
+    record.errors.add(attribute, :invalid) if address.address != value || contains_disallowed_characters?(value)
   rescue Mail::Field::FieldError
     record.errors.add(attribute, :invalid)
   end
+
+  private
+
+  def contains_disallowed_characters?(value)
+    value.include?('%') || value.include?(',') || value.include?('"')
+  end
 end