Commit b8a33eb3 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com

Bug 301453: Move CheckEmailSyntax out of CGI.pl - Patch by Frédéric Buclin…

Bug 301453: Move CheckEmailSyntax out of CGI.pl - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
parent deaa3dcc
......@@ -1138,7 +1138,7 @@ sub insert_new_user ($$;$$) {
$password ||= &::GenerateRandomPassword();
my $cryptpassword = bz_crypt($password);
# XXX - These should be moved into ValidateNewUser or CheckEmailSyntax
# XXX - These should be moved into is_available_username or check_email_syntax
# At the least, they shouldn't be here. They're safe for now, though.
trick_taint($username);
trick_taint($realname);
......
......@@ -39,7 +39,7 @@ use base qw(Exporter);
trim wrap_comment find_wrap_point
format_time format_time_decimal
file_mod_time
bz_crypt);
bz_crypt check_email_syntax);
use Bugzilla::Config;
use Bugzilla::Error;
......@@ -342,6 +342,14 @@ sub bz_crypt ($) {
return $cryptedpassword;
}
sub check_email_syntax {
my ($addr) = (@_);
my $match = Param('emailregexp');
if ($addr !~ /$match/ || $addr =~ /[\\\(\)<>&,;:"\[\] \t\r\n]/) {
ThrowUserError("illegal_email_address", { addr => $addr });
}
}
sub ValidateDate {
my ($date, $format) = @_;
my $date2;
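Review bot: `check_email_syntax` is added to the export list with no comment or POD stating its contract, and the part a caller most needs to know is that it validates but does not untaint. On failure it stops the request through `ThrowUserError("illegal_email_address", ...)`, and on success it returns nothing, so callers must still call `trick_taint` themselves, and only after this check, as the call sites further down this page do. I would put above the sub: `# Throws illegal_email_address unless $addr matches Param('emailregexp') and contains none of the rejected punctuation/whitespace characters. Does NOT untaint $addr.` Because the first test is the bare match `$addr !~ /$match/`, its strictness depends on the configured `emailregexp` carrying its own anchors, which is not visible here; the character class after `||` is what rejects embedded CR/LF either way. An undefined `$addr` (for example an absent CGI parameter) reaches both regex tests and is rejected only incidentally, so `if (!defined $addr || $addr !~ /$match/ || ...)` would make that rejection explicit.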
......
......@@ -103,14 +103,6 @@ sub CheckFormFieldDefined ($$) {
}
}
sub CheckEmailSyntax {
my ($addr) = (@_);
my $match = Param('emailregexp');
if ($addr !~ /$match/ || $addr =~ /[\\\(\)<>&,;:"\[\] \t\r\n]/) {
ThrowUserError("illegal_email_address", { addr => $addr });
}
}
sub PutHeader {
($vars->{'title'}, $vars->{'h1'}, $vars->{'h2'}) = (@_);
......
......@@ -33,6 +33,7 @@ require "CGI.pl";
use Bugzilla::Constants;
use Bugzilla::User;
use Bugzilla::BugMail;
use Bugzilla::Util;
# Shut up misguided -w warnings about "used only once":
use vars qw(
......@@ -63,7 +64,7 @@ my $login = $cgi->param('login');
if (defined($login)) {
# We've been asked to create an account.
my $realname = trim($cgi->param('realname'));
CheckEmailSyntax($login);
check_email_syntax($login);
$vars->{'login'} = $login;
if (!is_available_username($login)) {
......
......@@ -37,6 +37,7 @@ use Bugzilla::Constants;
use Bugzilla::Flag;
use Bugzilla::FlagType;
use Bugzilla::User;
use Bugzilla::Util;
use vars qw( $template $vars );
......@@ -488,7 +489,7 @@ sub validateCCList {
{ cc_list => $cgi->param('cc_list') });
my @addresses = split(/[, ]+/, $cgi->param('cc_list'));
foreach my $address (@addresses) { CheckEmailSyntax($address) }
foreach my $address (@addresses) { check_email_syntax($address) }
}
sub validateProduct {
......
......@@ -170,7 +170,7 @@ if ($action eq 'search') {
# Validity checks
$login || ThrowUserError('user_login_required');
CheckEmailSyntax($login);
check_email_syntax($login);
is_available_username($login) || ThrowUserError('account_exists',
{'email' => $login});
ValidatePassword($password);
......@@ -246,7 +246,7 @@ if ($action eq 'search') {
if ($login ne $loginold) {
# Validate, then trick_taint.
$login || ThrowUserError('user_login_required');
CheckEmailSyntax($login);
check_email_syntax($login);
is_available_username($login) || ThrowUserError('account_exists',
{'email' => $login});
trick_taint($login);
......
......@@ -112,7 +112,7 @@ if ( $::action eq 'reqpw' ) {
# Make sure the login name looks like an email address. This function
# displays its own error and stops execution if the login name looks wrong.
CheckEmailSyntax($cgi->param('loginname'));
check_email_syntax($cgi->param('loginname'));
my $quotedloginname = SqlQuote($cgi->param('loginname'));
SendSQL("SELECT userid FROM profiles WHERE " .
......
......@@ -118,7 +118,7 @@ sub SaveAccount {
}
# Before changing an email address, confirm one does not exist.
CheckEmailSyntax($new_login_name);
check_email_syntax($new_login_name);
trick_taint($new_login_name);
is_available_username($new_login_name)
|| ThrowUserError("account_exists", {email => $new_login_name});
......