authorbugreport%peshkin.net <>2004-07-10 16:27:48 +0200
committerbugreport%peshkin.net <>2004-07-10 16:27:48 +0200
commit1ade641d4492138b0590c5717b47b429fff83d8a (patch)
tree58ffab40f5920398dae6e79e0628de2cedc51a32 /editusers.cgi
parent386cc09bdd56a413836a4e74579f60772bbf0e80 (diff)
Bug 236650: html_quote and validate email addresses in editusers.cgi
patch by vlad r=joel,justdave a=justdave
Diffstat (limited to 'editusers.cgi')
-rwxr-xr-xeditusers.cgi10
1 files changed, 9 insertions, 1 deletions
diff --git a/editusers.cgi b/editusers.cgi
index f7824e435..9dfc672d9 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -357,7 +357,7 @@ if ($action eq 'list') {
}
$realname = ($realname ? html_quote($realname) : "<FONT COLOR=\"red\">missing</FONT>");
print "<TR>\n";
- print " <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=edit&user=", url_quote($user), "\"><B>$s$user$e</B></A></TD>\n";
+ print " <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=edit&user=", url_quote($user), "\"><B>$s", html_quote($user), "$e</B></A></TD>\n";
print " <TD VALIGN=\"top\">$s$realname$e</TD>\n";
if ($candelete) {
print " <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=del&user=", url_quote($user), "\">Delete</A></TD>\n";
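Review bot: `$s` and `$e` are still interpolated raw on the changed line and on the `$realname` cell below it, so the escaping added for `$user` only holds if those two variables carry fixed markup; they are assigned outside this hunk, so that should be confirmed. The line would also benefit from a comment recording why the same value is encoded two different ways, for example `# login name is user-supplied: url_quote for the query string, html_quote for the link text`. The enclosing `if ($action eq 'list')` block starts and ends outside the hunk, so any other place in it that prints `$user` cannot be checked from here.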
@@ -749,6 +749,14 @@ if ($action eq 'update') {
WHERE login_name=" . SqlQuote($userold));
my ($thisuserid) = FetchSQLData();
+ my $emailregexp = Param("emailregexp");
+ unless ($user =~ m/$emailregexp/) {
+ print "The user name entered must be a valid e-mail address. Please press\n";
+ print "<b>Back</b> and try again.\n";
+ PutTrailer($localtrailer);
+ exit;
+ }
+
my @grpadd = ();
my @grpdel = ();
my $chggrp = 0;
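Review bot: The new check in the `update` branch is only as strict as the configured `emailregexp`, because the pattern is interpolated unchanged into `m/$emailregexp/`; a pattern that is not anchored at both ends would accept any login that merely contains an address-like substring. The parameter's value is not visible here, so I would state the requirement beside the match, e.g. `# emailregexp must match the whole string (anchored at both ends); output escaping, not this check, is what keeps markup out of the page`. The check also runs when `$user` is unchanged from `$userold`, so an existing account whose login fails the pattern cannot have any other field edited until it is renamed; if that is intended, it deserves a sentence in the same comment. The `update` block continues outside the hunk, so whether this check precedes every database write cannot be confirmed from here.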