authorFrédéric Buclin <LpSolit@gmail.com>2012-01-23 17:13:37 +0100
committerFrédéric Buclin <LpSolit@gmail.com>2012-01-23 17:13:37 +0100
commit96624a115fe60b8ebdbbecbc2b38a7566d4e4c59 (patch)
tree7b7c92645371edd42efe647c4c731f0a971f4e71 /Bugzilla/Util.pm
parent3d3cb31a1f4f7c09de165805298e4ea2feaba7cd (diff)
Bug 319953: Missing real email syntax check
r=glob a=LpSolit
Diffstat (limited to 'Bugzilla/Util.pm')
-rw-r--r--Bugzilla/Util.pm26
1 files changed, 24 insertions, 2 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index a04095647..bf8569839 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -20,7 +20,7 @@ use base qw(Exporter);
format_time validate_date validate_time datetime_from
file_mod_time is_7bit_clean
bz_crypt generate_random_password
- validate_email_syntax clean_text
+ validate_email_syntax check_email_syntax clean_text
get_text template_var disable_utf8
detect_encoding);
@@ -552,7 +552,13 @@ sub generate_random_password {
sub validate_email_syntax {
my ($addr) = @_;
my $match = Bugzilla->params->{'emailregexp'};
- my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/);
+ my $email = $addr . Bugzilla->params->{'emailsuffix'};
+ # This regexp follows RFC 2822 section 3.4.1.
+ my $addr_spec = $Email::Address::addr_spec;
+ # RFC 2822 section 2.1 specifies that email addresses must
+ # be made of US-ASCII characters only.
+ # Email::Address::addr_spec doesn't enforce this.
+ my $ret = ($addr =~ /$match/ && $email !~ /\P{ASCII}/ && $email =~ /^$addr_spec$/);
if ($ret) {
# We assume these checks to suffice to consider the address untainted.
trick_taint($_[0]);
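Review bot: The new match `$email =~ /^$addr_spec$/` no longer guarantees that the address contains no line break. The removed character class rejected `\r` and `\n` explicitly, whereas `$` in Perl also matches before a trailing newline and `\P{ASCII}` does not catch ASCII control characters. Since a passing address is untainted by `trick_taint($_[0])` right after, I would anchor with `\A`/`\z` and keep an explicit control-character check, e.g. `&& $email !~ /[\r\n]/ && $email =~ /\A$addr_spec\z/`. Whether `emailregexp` or `$Email::Address::addr_spec` already excludes these is not visible here. RFC 2822 quoted local parts presumably now admit characters such as `<`, `>`, `&` and `"` that the old check refused, so code that emits the untainted value into HTML or mail headers should be confirmed to escape it; the function body continues outside this hunk.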
@@ -560,6 +566,15 @@ sub validate_email_syntax {
return $ret ? 1 : 0;
}
+sub check_email_syntax {
+ my ($addr) = @_;
+
+ unless (validate_email_syntax(@_)) {
+ my $email = $addr . Bugzilla->params->{'emailsuffix'};
+ ThrowUserError('illegal_email_address', { addr => $email });
+ }
+}
+
sub validate_date {
my ($date) = @_;
my $date2;
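Review bot: `check_email_syntax` calls `validate_email_syntax(@_)` instead of passing `$addr`, and that choice is load-bearing but undocumented: the validator untaints through the `$_[0]` alias, so passing the copy would leave the caller's variable tainted. A comment such as `# Pass @_ so validate_email_syntax() untaints the caller's variable via $_[0].` would stop a later cleanup from breaking this. The sub also has no explicit return on the success path; adding `return;` after the `unless` block would keep callers from relying on an incidental value. The trailing `validate_date` context continues outside the hunk.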
@@ -763,6 +778,7 @@ Bugzilla::Util - Generic utility functions for bugzilla
# Validation Functions
validate_email_syntax($email);
+ check_email_syntax($email);
validate_date($date);
# DB-related functions
@@ -1069,6 +1085,12 @@ Do a syntax checking for a legal email address and returns 1 if
the check is successful, else returns 0.
Untaints C<$email> if successful.
+=item C<check_email_syntax($email)>
+
+Do a syntax checking for a legal email address and throws an error
+if the check fails.
+Untaints C<$email> if successful.
+
=item C<validate_date($date)>
Make sure the date has the correct format and returns 1 if