-rw-r--r-- | Bugzilla/User.pm | 2 | ||||
-rw-r--r-- | Bugzilla/Util.pm | 10 | ||||
-rw-r--r-- | CGI.pl | 8 | ||||
-rwxr-xr-x | createaccount.cgi | 3 | ||||
-rwxr-xr-x | editflagtypes.cgi | 3 | ||||
-rwxr-xr-x | editusers.cgi | 4 | ||||
-rwxr-xr-x | token.cgi | 2 | ||||
-rwxr-xr-x | userprefs.cgi | 2 |
8 files changed, 18 insertions, 16 deletions
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm index 494876b31..231f09667 100644 --- a/Bugzilla/User.pm +++ b/Bugzilla/User.pm @@ -1138,7 +1138,7 @@ sub insert_new_user ($$;$$) { $password ||= &::GenerateRandomPassword(); my $cryptpassword = bz_crypt($password); - # XXX - These should be moved into ValidateNewUser or CheckEmailSyntax + # XXX - These should be moved into is_available_username or check_email_syntax # At the least, they shouldn't be here. They're safe for now, though. trick_taint($username); trick_taint($realname); diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm index 1ac25d1aa..256be5c31 100644 --- a/Bugzilla/Util.pm +++ b/Bugzilla/Util.pm @@ -39,7 +39,7 @@ use base qw(Exporter); trim wrap_comment find_wrap_point format_time format_time_decimal file_mod_time - bz_crypt); + bz_crypt check_email_syntax); use Bugzilla::Config; use Bugzilla::Error; @@ -342,6 +342,14 @@ sub bz_crypt ($) { return $cryptedpassword; } +sub check_email_syntax { + my ($addr) = (@_); + my $match = Param('emailregexp'); + if ($addr !~ /$match/ || $addr =~ /[\\\(\)<>&,;:"\[\] \t\r\n]/) { + ThrowUserError("illegal_email_address", { addr => $addr }); + } +} + sub ValidateDate { my ($date, $format) = @_; my $date2; @@ -103,14 +103,6 @@ sub CheckFormFieldDefined ($$) { } } -sub CheckEmailSyntax { - my ($addr) = (@_); - my $match = Param('emailregexp'); - if ($addr !~ /$match/ || $addr =~ /[\\\(\)<>&,;:"\[\] \t\r\n]/) { - ThrowUserError("illegal_email_address", { addr => $addr }); - } -} - sub PutHeader { ($vars->{'title'}, $vars->{'h1'}, $vars->{'h2'}) = (@_); diff --git a/createaccount.cgi b/createaccount.cgi index 499e200e7..d42ed76ec 100755 --- a/createaccount.cgi +++ b/createaccount.cgi @@ -33,6 +33,7 @@ require "CGI.pl"; use Bugzilla::Constants; use Bugzilla::User; use Bugzilla::BugMail; +use Bugzilla::Util; # Shut up misguided -w warnings about "used only once": use vars qw( 
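Review bot: check_email_syntax in the Bugzilla/Util.pm hunk is now an exported utility but carries no comment stating its contract: it returns nothing, signals failure only through ThrowUserError, and leaves $addr tainted, which is why the editusers.cgi and userprefs.cgi hunks still call trick_taint after it. I would add above the sub: `# Throws illegal_email_address unless $addr matches Param('emailregexp') and contains none of the forbidden characters; does not untaint $addr.` Because `$addr !~ /$match/` applies the administrator-supplied pattern exactly as configured, whether the whole address is matched depends on that parameter being anchored, which is not visible here. The character blacklist (which includes `\r` and `\n`) is the only check in this function that holds regardless of configuration, so the comment should say it must not be relaxed when the regexp is changed.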
@@ -63,7 +64,7 @@ my $login = $cgi->param('login'); if (defined($login)) { # We've been asked to create an account. my $realname = trim($cgi->param('realname')); - CheckEmailSyntax($login); + check_email_syntax($login); $vars->{'login'} = $login; if (!is_available_username($login)) { diff --git a/editflagtypes.cgi b/editflagtypes.cgi index bdf0779b4..57795f493 100755 --- a/editflagtypes.cgi +++ b/editflagtypes.cgi @@ -37,6 +37,7 @@ use Bugzilla::Constants; use Bugzilla::Flag; use Bugzilla::FlagType; use Bugzilla::User; +use Bugzilla::Util; use vars qw( $template $vars ); @@ -488,7 +489,7 @@ sub validateCCList { { cc_list => $cgi->param('cc_list') }); my @addresses = split(/[, ]+/, $cgi->param('cc_list')); - foreach my $address (@addresses) { CheckEmailSyntax($address) } + foreach my $address (@addresses) { check_email_syntax($address) } } sub validateProduct { diff --git a/editusers.cgi b/editusers.cgi index 18005fd94..be1607130 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -170,7 +170,7 @@ if ($action eq 'search') { # Validity checks $login || ThrowUserError('user_login_required'); - CheckEmailSyntax($login); + check_email_syntax($login); is_available_username($login) || ThrowUserError('account_exists', {'email' => $login}); ValidatePassword($password); @@ -246,7 +246,7 @@ if ($action eq 'search') { if ($login ne $loginold) { # Validate, then trick_taint. $login || ThrowUserError('user_login_required'); - CheckEmailSyntax($login); + check_email_syntax($login); is_available_username($login) || ThrowUserError('account_exists', {'email' => $login}); trick_taint($login); @@ -112,7 +112,7 @@ if ( $::action eq 'reqpw' ) { # Make sure the login name looks like an email address. This function # displays its own error and stops execution if the login name looks wrong. - CheckEmailSyntax($cgi->param('loginname')); + check_email_syntax($cgi->param('loginname')); my $quotedloginname = SqlQuote($cgi->param('loginname')); SendSQL("SELECT userid FROM profiles WHERE " . 
diff --git a/userprefs.cgi b/userprefs.cgi index 5f52a3ca7..be6f40b04 100755 --- a/userprefs.cgi +++ b/userprefs.cgi @@ -118,7 +118,7 @@ sub SaveAccount { } # Before changing an email address, confirm one does not exist. - CheckEmailSyntax($new_login_name); + check_email_syntax($new_login_name); trick_taint($new_login_name); is_available_username($new_login_name) || ThrowUserError("account_exists", {email => $new_login_name}); |