Bug 714472: (CVE-2012-0448) [SECURITY] utf8 homoglyphs are allowed in email addresses, which could allow an attacker to be CC'ed to private bugs by accident

r=glob a=LpSolit
author: Frédéric Buclin <LpSolit@gmail.com> 2012-01-31 16:39:50 +0100
committer: Frédéric Buclin <LpSolit@gmail.com> 2012-01-31 16:39:50 +0100
commit: 6c81a8674ac77562584d5033561f8b4d947f23bb (patch)
tree: 3f3075c09ff6c31cd4901a6182f15ff6ec87cdf2 /Bugzilla/Util.pm
parent: 907acd417423fe4550d31afe0b16ee15b2ebad18 (diff)
download: bugzilla-6c81a8674ac77562584d5033561f8b4d947f23bb.tar.gz
bugzilla-6c81a8674ac77562584d5033561f8b4d947f23bb.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index 4c268552b..6d8622e04 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -565,7 +565,7 @@ sub generate_random_password {
 sub validate_email_syntax {
     my ($addr) = @_;
     my $match = Bugzilla->params->{'emailregexp'};
-    my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/);
+    my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n\P{ASCII}]/);
     if ($ret) {
         # We assume these checks to suffice to consider the address untainted.
         trick_taint($_[0]);
author	Frédéric Buclin <LpSolit@gmail.com>	2012-01-31 16:39:50 +0100
committer	Frédéric Buclin <LpSolit@gmail.com>	2012-01-31 16:39:50 +0100
commit	6c81a8674ac77562584d5033561f8b4d947f23bb (patch)
tree	3f3075c09ff6c31cd4901a6182f15ff6ec87cdf2 /Bugzilla/Util.pm
parent	907acd417423fe4550d31afe0b16ee15b2ebad18 (diff)
download	bugzilla-6c81a8674ac77562584d5033561f8b4d947f23bb.tar.gz bugzilla-6c81a8674ac77562584d5033561f8b4d947f23bb.tar.xz