diff options
author | lpsolit%gmail.com <> | 2008-08-27 07:51:31 +0200 |
---|---|---|
committer | lpsolit%gmail.com <> | 2008-08-27 07:51:31 +0200 |
commit | a2631d18069f099eb5133c4484c9b80ff2a3f547 (patch) | |
tree | 5777dd5a0ff037603f734e11854194b0990c35d2 | |
parent | 39406204047ce52ebc5312c1216ed1f2671ba3e9 (diff) | |
download | bugzilla-a2631d18069f099eb5133c4484c9b80ff2a3f547.tar.gz bugzilla-a2631d18069f099eb5133c4484c9b80ff2a3f547.tar.xz |
Bug 385897: editwhines.cgi doesn't allow to whine at groups with a name containing blanks - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=LpSolit
-rwxr-xr-x | editwhines.cgi | 25 |
1 files changed, 5 insertions, 20 deletions
diff --git a/editwhines.cgi b/editwhines.cgi index 7da598dd8..922fe721d 100755 --- a/editwhines.cgi +++ b/editwhines.cgi @@ -238,28 +238,13 @@ if ($cgi->param('update')) { # get an id for the mailto address if ($can_mail_others && $mailto) { if ($mailto_type == MAILTO_USER) { - # detaint - my $emailregexp = Bugzilla->params->{'emailregexp'}; - if ($mailto =~ /($emailregexp)/) { - $mailto_id = login_to_id($1); - } - else { - ThrowUserError("illegal_email_address", - { addr => $mailto }); - } + $mailto_id = login_to_id($mailto); } elsif ($mailto_type == MAILTO_GROUP) { - # detaint the group parameter - if ($mailto =~ /^([0-9a-z_\-\.]+)$/i) { - $mailto_id = Bugzilla::Group::ValidateGroupName( - $1, ($user)) || - ThrowUserError( - 'invalid_group_name', - { name => $1 }); - } else { - ThrowUserError('invalid_group_name', - { name => $mailto }); - } + # The group name is used in a placeholder. + trick_taint($mailto); + $mailto_id = Bugzilla::Group::ValidateGroupName($mailto, ($user)) + || ThrowUserError('invalid_group_name', { name => $mailto }); } else { # bad value, so it will just mail to the whine |