author | Byron Jones <glob@mozilla.com> | 2015-09-09 06:00:11 +0200 |
---|---|---|
committer | Byron Jones <glob@mozilla.com> | 2015-09-09 06:00:11 +0200 |
commit | 8c4a70129847e2a76f7ffcd321ec59f49258a3e4 (patch) | |
tree | 692072a578851fb9c9c7487ae23f58064c55a357 /Bugzilla | |
parent | ea60d0087be05a15286315d2a51fa941e5fb0af2 (diff) | |
download | bugzilla-8c4a70129847e2a76f7ffcd321ec59f49258a3e4.tar.gz bugzilla-8c4a70129847e2a76f7ffcd321ec59f49258a3e4.tar.xz |
Bug 1202461 - backport bug 319953 to bmo (Missing real email syntax check)
Diffstat (limited to 'Bugzilla')
-rw-r--r-- | Bugzilla/Util.pm | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index f2291a812..d80ab9569 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -704,12 +704,22 @@ sub generate_random_password {
 sub validate_email_syntax {
 my ($addr) = @_;
 my $match = Bugzilla->params->{'emailregexp'};
- my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n\P{ASCII}]/);
- if ($ret) {
+ my $email = $addr . Bugzilla->params->{'emailsuffix'};
+ # This regexp follows RFC 2822 section 3.4.1.
+ my $addr_spec = $Email::Address::addr_spec;
+ # RFC 2822 section 2.1 specifies that email addresses must
+ # be made of US-ASCII characters only.
+ # Email::Address::addr_spec doesn't enforce this.
+ if ($addr =~ /$match/
+ && $email !~ /\P{ASCII}/
+ && $email =~ /^$addr_spec$/
+ && length($email) <= 127)
+ {
 # We assume these checks to suffice to consider the address untainted.
 trick_taint($_[0]);
+ return 1;
 }
- return $ret ? 1 : 0;
+ return 0;
 }
 
 sub validate_date { |
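Review bot: The new check `$email =~ /^$addr_spec$/` anchors with `$`, which in Perl also matches just before a trailing newline, so a value ending in `\n` can pass and then be untainted by `trick_taint($_[0])`. The removed character class rejected `\r` and `\n` explicitly, while the new `\P{ASCII}` test does not, because both are ASCII. Anchoring on the absolute string ends closes that gap: `&& $email =~ /\A$addr_spec\z/`. Whether `$Email::Address::addr_spec` itself admits whitespace or comments inside the address is not visible from this hunk and is worth confirming before the result is treated as untainted. The `127` limit would also benefit from a one-line comment naming where it comes from.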