summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlpsolit%gmail.com <>2008-08-27 07:51:31 +0200
committerlpsolit%gmail.com <>2008-08-27 07:51:31 +0200
commita2631d18069f099eb5133c4484c9b80ff2a3f547 (patch)
tree5777dd5a0ff037603f734e11854194b0990c35d2
parent39406204047ce52ebc5312c1216ed1f2671ba3e9 (diff)
downloadbugzilla-a2631d18069f099eb5133c4484c9b80ff2a3f547.tar.gz
bugzilla-a2631d18069f099eb5133c4484c9b80ff2a3f547.tar.xz
Bug 385897: editwhines.cgi doesn't allow to whine at groups with a name containing blanks - Patch by Frédéric Buclin <LpSolit@gmail.com> r=wurblzap a=LpSolit
-rwxr-xr-xeditwhines.cgi25
1 files changed, 5 insertions, 20 deletions
diff --git a/editwhines.cgi b/editwhines.cgi
index 7da598dd8..922fe721d 100755
--- a/editwhines.cgi
+++ b/editwhines.cgi
@@ -238,28 +238,13 @@ if ($cgi->param('update')) {
# get an id for the mailto address
if ($can_mail_others && $mailto) {
if ($mailto_type == MAILTO_USER) {
- # detaint
- my $emailregexp = Bugzilla->params->{'emailregexp'};
- if ($mailto =~ /($emailregexp)/) {
- $mailto_id = login_to_id($1);
- }
- else {
- ThrowUserError("illegal_email_address",
- { addr => $mailto });
- }
+ $mailto_id = login_to_id($mailto);
}
elsif ($mailto_type == MAILTO_GROUP) {
- # detaint the group parameter
- if ($mailto =~ /^([0-9a-z_\-\.]+)$/i) {
- $mailto_id = Bugzilla::Group::ValidateGroupName(
- $1, ($user)) ||
- ThrowUserError(
- 'invalid_group_name',
- { name => $1 });
- } else {
- ThrowUserError('invalid_group_name',
- { name => $mailto });
- }
+ # The group name is used in a placeholder.
+ trick_taint($mailto);
+ $mailto_id = Bugzilla::Group::ValidateGroupName($mailto, ($user))
+ || ThrowUserError('invalid_group_name', { name => $mailto });
}
else {
# bad value, so it will just mail to the whine