summaryrefslogtreecommitdiffstats
path: root/Bugzilla
diff options
context:
space:
mode:
authorByron Jones <glob@mozilla.com>2015-09-09 06:00:11 +0200
committerByron Jones <glob@mozilla.com>2015-09-09 06:00:11 +0200
commit8c4a70129847e2a76f7ffcd321ec59f49258a3e4 (patch)
tree692072a578851fb9c9c7487ae23f58064c55a357 /Bugzilla
parentea60d0087be05a15286315d2a51fa941e5fb0af2 (diff)
downloadbugzilla-8c4a70129847e2a76f7ffcd321ec59f49258a3e4.tar.gz
bugzilla-8c4a70129847e2a76f7ffcd321ec59f49258a3e4.tar.xz
Bug 1202461 - backport bug 319953 to bmo (Missing real email syntax check)
Diffstat (limited to 'Bugzilla')
-rw-r--r--Bugzilla/Util.pm16
1 files changed, 13 insertions, 3 deletions
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index f2291a812..d80ab9569 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -704,12 +704,22 @@ sub generate_random_password {
sub validate_email_syntax {
my ($addr) = @_;
my $match = Bugzilla->params->{'emailregexp'};
- my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n\P{ASCII}]/);
- if ($ret) {
+ my $email = $addr . Bugzilla->params->{'emailsuffix'};
+ # This regexp follows RFC 2822 section 3.4.1.
+ my $addr_spec = $Email::Address::addr_spec;
+ # RFC 2822 section 2.1 specifies that email addresses must
+ # be made of US-ASCII characters only.
+ # Email::Address::addr_spec doesn't enforce this.
+ if ($addr =~ /$match/
+ && $email !~ /\P{ASCII}/
+ && $email =~ /^$addr_spec$/
+ && length($email) <= 127)
+ {
# We assume these checks to suffice to consider the address untainted.
trick_taint($_[0]);
+ return 1;
}
- return $ret ? 1 : 0;
+ return 0;
}
sub validate_date {