diff options
author | mkanat%bugzilla.org <> | 2007-09-19 06:28:30 +0200 |
---|---|---|
committer | mkanat%bugzilla.org <> | 2007-09-19 06:28:30 +0200 |
commit | 052c5ebc181807287a6c9d972dbed7405cd00ef2 (patch) | |
tree | a7944233ad7765607e89a9273f7f2371d68d5f93 | |
parent | 4b96e2efc66eb75b58f5da5ae5a48de0d712b68e (diff) | |
download | bugzilla-052c5ebc181807287a6c9d972dbed7405cd00ef2.tar.gz bugzilla-052c5ebc181807287a6c9d972dbed7405cd00ef2.tar.xz |
Bug 395632: [SECURITY] XML-RPC WebService Bugzilla::User::offer_account_by_email does not check createemailregexp
Patch By Max Kanat-Alexander <mkanat@bugzilla.org> r=LpSolit, r=Wurblzap, a=mkanat
-rwxr-xr-x | Bugzilla/WebService/Constants.pm | 2 | ||||
-rwxr-xr-x | Bugzilla/WebService/User.pm | 8 |
2 files changed, 10 insertions, 0 deletions
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm index 43e4c1c8e..139ec1b7b 100755 --- a/Bugzilla/WebService/Constants.pm +++ b/Bugzilla/WebService/Constants.pm @@ -83,6 +83,8 @@ use constant WS_ERROR_CODE => { # User errors are 500-600. account_exists => 500, illegal_email_address => 501, + account_creation_disabled => 501, + account_creation_restricted => 501, password_too_short => 502, password_too_long => 503, invalid_username => 504, diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm index db02ff75a..f839e2a9d 100755 --- a/Bugzilla/WebService/User.pm +++ b/Bugzilla/WebService/User.pm @@ -74,6 +74,14 @@ sub offer_account_by_email { my $email = trim($params->{email}) || ThrowCodeError('param_required', { param => 'email' }); + my $createexp = Bugzilla->params->{'createemailregexp'}; + if (!$createexp) { + ThrowUserError("account_creation_disabled"); + } + elsif ($email !~ /$createexp/) { + ThrowUserError("account_creation_restricted"); + } + $email = Bugzilla::User->check_login_name_for_creation($email); # Create and send a token for this new account. |