Fix for bug 38859: escape invalid email addresses for HTML before displaying to the user.

Patch by Myk Melez <myk@mozilla.org> r= jake@acutex.net, justdave@syndicomm.com
author: justdave%syndicomm.com <> 2001-05-12 03:02:38 +0200
committer: justdave%syndicomm.com <> 2001-05-12 03:02:38 +0200
commit: c04fc5ccd7740cef2e5455f7aec103a0b91ca62e (patch)
tree: 6488e6e285a4909fcdcaa89da29917b3369bc2b6 /CGI.pl
parent: 0776fda7ed23e82f3d09ccabb603e1d4f26f9d42 (diff)
download: bugzilla-c04fc5ccd7740cef2e5455f7aec103a0b91ca62e.tar.gz
bugzilla-c04fc5ccd7740cef2e5455f7aec103a0b91ca62e.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/CGI.pl b/CGI.pl
index 587ecc074..e82ce8911 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -593,6 +593,9 @@ sub CheckEmailSyntax {
     if ($addr !~ /$match/) {
         print "Content-type: text/html\n\n";
 
+        # For security, escape HTML special characters.
+        $addr = html_quote($addr);
+
         PutHeader("Check e-mail syntax");
         print "The e-mail address you entered\n";
         print "(<b>$addr</b>) didn't match our minimal\n";
author	justdave%syndicomm.com <>	2001-05-12 03:02:38 +0200
committer	justdave%syndicomm.com <>	2001-05-12 03:02:38 +0200
commit	c04fc5ccd7740cef2e5455f7aec103a0b91ca62e (patch)
tree	6488e6e285a4909fcdcaa89da29917b3369bc2b6 /CGI.pl
parent	0776fda7ed23e82f3d09ccabb603e1d4f26f9d42 (diff)
download	bugzilla-c04fc5ccd7740cef2e5455f7aec103a0b91ca62e.tar.gz bugzilla-c04fc5ccd7740cef2e5455f7aec103a0b91ca62e.tar.xz