From 5ff8eb97c646f9f8de74915e4b2926789695d4af Mon Sep 17 00:00:00 2001
From: Denis Kasak <dkasak@termina.org.uk>
Date: Wed, 31 Mar 2021 12:27:20 +0000
Subject: [PATCH] Make sample config allowed_local_3pids regex stricter.
 (#9719)

The regex should be terminated so that subdomain matches of another
domain are not accepted. Just ensuring that someone doesn't shoot
themselves in the foot by copying our example.

Signed-off-by: Denis Kasak <dkasak@termina.org.uk>
---
 changelog.d/9719.doc           | 1 +
 docs/sample_config.yaml        | 4 ++--
 synapse/config/registration.py | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)
 create mode 100644 changelog.d/9719.doc

diff --git a/changelog.d/9719.doc b/changelog.d/9719.doc
new file mode 100644
index 000000000..f018606dd
--- /dev/null
+++ b/changelog.d/9719.doc
@@ -0,0 +1 @@
+Make the allowed_local_3pids regex example in the sample config stricter.
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index c73ea6b16..b0bf98774 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1246,9 +1246,9 @@ account_validity:
 #
 #allowed_local_3pids:
 #  - medium: email
-#    pattern: '.*@matrix\.org'
+#    pattern: '^[^@]+@matrix\.org$'
 #  - medium: email
-#    pattern: '.*@vector\.im'
+#    pattern: '^[^@]+@vector\.im$'
 #  - medium: msisdn
 #    pattern: '\+44'
 
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index ead007ba5..f27d1e14a 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -298,9 +298,9 @@ class RegistrationConfig(Config):
         #
         #allowed_local_3pids:
         #  - medium: email
-        #    pattern: '.*@matrix\\.org'
+        #    pattern: '^[^@]+@matrix\\.org$'
         #  - medium: email
-        #    pattern: '.*@vector\\.im'
+        #    pattern: '^[^@]+@vector\\.im$'
         #  - medium: msisdn
         #    pattern: '\\+44'