summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrédéric Buclin <LpSolit@gmail.com>2012-01-31 16:39:50 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2012-01-31 16:39:50 +0100
commit6c81a8674ac77562584d5033561f8b4d947f23bb (patch)
tree3f3075c09ff6c31cd4901a6182f15ff6ec87cdf2
parent907acd417423fe4550d31afe0b16ee15b2ebad18 (diff)
downloadbugzilla-6c81a8674ac77562584d5033561f8b4d947f23bb.tar.gz
bugzilla-6c81a8674ac77562584d5033561f8b4d947f23bb.tar.xz
Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email addresses, which could allow an attacker to be CC'ed to private bugs by accident
r=glob a=LpSolit
-rw-r--r--Bugzilla/FlagType.pm2
-rw-r--r--Bugzilla/Util.pm2
-rw-r--r--template/en/default/global/code-error.html.tmpl3
-rw-r--r--template/en/default/global/user-error.html.tmpl5
4 files changed, 5 insertions, 7 deletions
diff --git a/Bugzilla/FlagType.pm b/Bugzilla/FlagType.pm
index ea81dfe46..b30065a1c 100644
--- a/Bugzilla/FlagType.pm
+++ b/Bugzilla/FlagType.pm
@@ -310,7 +310,7 @@ sub _check_cc_list {
# - do not contain any illegal character.
foreach my $address (@addresses) {
($address =~ /^[\w\.\+\-=]+@[\w\.\-]+\.[\w\-]+$/
- && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/)
+ && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n\P{ASCII}]/)
|| ThrowUserError('illegal_email_address',
{addr => $address, default => 1});
}
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 4c268552b..6d8622e04 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -565,7 +565,7 @@ sub generate_random_password {
sub validate_email_syntax {
my ($addr) = @_;
my $match = Bugzilla->params->{'emailregexp'};
- my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/);
+ my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n\P{ASCII}]/);
if ($ret) {
# We assume these checks to suffice to consider the address untainted.
trick_taint($_[0]);
diff --git a/template/en/default/global/code-error.html.tmpl b/template/en/default/global/code-error.html.tmpl
index 5dce16976..f100df994 100644
--- a/template/en/default/global/code-error.html.tmpl
+++ b/template/en/default/global/code-error.html.tmpl
@@ -48,8 +48,7 @@
[% ELSE %]
[%+ Param('emailregexpdesc') FILTER html_light %]
[% END %]
- It must also not contain any of these special characters:
- <tt>\ ( ) &amp; &lt; &gt; , ; : &quot; [ ]</tt>, or any whitespace.
+ It also must not contain any illegal characters.
[% ELSIF error == "authres_unhandled" %]
The result value of [% value FILTER html %] was not handled by
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 723f92042..dc0a94ac7 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -851,9 +851,8 @@
[% ELSE %]
[%+ Param('emailregexpdesc') FILTER html_light %]
[% END %]
- It must also not contain any of these special characters:
- <tt>\ ( ) &amp; &lt; &gt; , ; : &quot; [ ]</tt>, or any whitespace.
-
+ It also must not contain any illegal characters.
+
[% ELSIF error == "illegal_frequency" %]
[% title = "Too Frequent" %]
Unless you are an administrator, you may not create series which are