diff options
| author | lpsolit%gmail.com <> | 2005-08-22 05:21:38 +0200 |
|---|---|---|
| committer | lpsolit%gmail.com <> | 2005-08-22 05:21:38 +0200 |
| commit | 30f965e08ca2a5bbfffe9d7d99109413329b2763 (patch) | |
| tree | 1fb84b22f29482b67746e340860e2b0d40631967 /editwhines.cgi | |
| parent | 7e7134c7418c3381c4fda14fcceffec0fe2769eb (diff) | |
| download | bugzilla-30f965e08ca2a5bbfffe9d7d99109413329b2763.tar.gz bugzilla-30f965e08ca2a5bbfffe9d7d99109413329b2763.tar.xz | |
Bug 300831: editwhines.cgi twice uses $1 without checking for regex match - Patch by A. Karl Kornel <karl@kornel.name> r=joel a=myk
Diffstat (limited to 'editwhines.cgi')
| -rwxr-xr-x | editwhines.cgi | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/editwhines.cgi b/editwhines.cgi index 66387dd82..db9d08292 100755 --- a/editwhines.cgi +++ b/editwhines.cgi @@ -236,19 +236,26 @@ if ($cgi->param('update')) { if ($mailto_type == MAILTO_USER) { # detaint my $emailregexp = Param('emailregexp'); - $mailto =~ /($emailregexp)/; - $mailto =~ $1; - $mailto_id = login_to_id($mailto); + if ($mailto =~ /($emailregexp)/) { + $mailto_id = login_to_id($1); + } + else { + ThrowUserError("illegal_email_address", + { addr => $mailto }); + } } elsif ($mailto_type == MAILTO_GROUP) { # detaint the group parameter - $mailto =~ /^([0-9a-z_\-\.]+)/i; - my $group = $1; - - $mailto_id = Bugzilla::Group::ValidateGroupName( - $group, ($user)); - $mailto_id || ThrowUserError( - 'invalid_group_name', {name => $group}); + if ($mailto =~ /^([0-9a-z_\-\.]+)$/i) { + $mailto_id = Bugzilla::Group::ValidateGroupName( + $1, ($user)) || + ThrowUserError( + 'invalid_group_name', + { name => $1 }); + } else { + ThrowUserError('invalid_group_name', + { name => $mailto }); + } } else { # bad value, so it will just mail to the whine |