-rw-r--r--Bugzilla/Search.pm8
-rw-r--r--Bugzilla/User.pm2
-rw-r--r--Bugzilla/Util.pm38
-rwxr-xr-xcreateaccount.cgi5
-rwxr-xr-xeditflagtypes.cgi5
-rwxr-xr-xeditusers.cgi15
-rwxr-xr-xpost_bug.cgi5
-rwxr-xr-xprocess_bug.cgi4
-rwxr-xr-xtoken.cgi7
-rwxr-xr-xuserprefs.cgi3
10 files changed, 58 insertions, 34 deletions
diff --git a/Bugzilla/Search.pm b/Bugzilla/Search.pm
index 0b1ac94ba..6255ede5d 100644
--- a/Bugzilla/Search.pm
+++ b/Bugzilla/Search.pm
@@ -350,14 +350,18 @@ sub init {
if ($params->param('deadlinefrom')){
$deadlinefrom = $params->param('deadlinefrom');
- Bugzilla::Util::ValidateDate($deadlinefrom, 'deadlinefrom');
+ validate_date($deadlinefrom)
+ || ThrowUserError('illegal_date', {date => $deadlinefrom,
+ format => 'YYYY-MM-DD'});
$sql_deadlinefrom = &::SqlQuote($deadlinefrom);
push(@wherepart, "bugs.deadline >= $sql_deadlinefrom");
}
if ($params->param('deadlineto')){
$deadlineto = $params->param('deadlineto');
- Bugzilla::Util::ValidateDate($deadlineto, 'deadlineto');
+ validate_date($deadlineto)
+ || ThrowUserError('illegal_date', {date => $deadlineto,
+ format => 'YYYY-MM-DD'});
$sql_deadlineto = &::SqlQuote($deadlineto);
push(@wherepart, "bugs.deadline <= $sql_deadlineto");
}
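Review bot: Both deadline checks now call `validate_date` and `ThrowUserError` unqualified, where the removed lines used the fully qualified `Bugzilla::Util::ValidateDate`, and the diffstat's 8 changed lines for this file all fall inside this hunk, so no `use` line was added. Please confirm that Search.pm already has `use Bugzilla::Util;` and `use Bugzilla::Error;`. If either is missing, the call dies only when a deadline parameter is actually submitted, which is easy to miss in testing. The same question applies to process_bug.cgi, whose 4 changed lines are likewise all in its deadline hunk. `init` starts and ends outside this hunk.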
diff --git a/Bugzilla/User.pm b/Bugzilla/User.pm
index ad0430449..ab70f06fa 100644
--- a/Bugzilla/User.pm
+++ b/Bugzilla/User.pm
@@ -1184,7 +1184,7 @@ sub insert_new_user {
$password ||= &::GenerateRandomPassword();
my $cryptpassword = bz_crypt($password);
- # XXX - These should be moved into is_available_username or check_email_syntax
+ # XXX - These should be moved into is_available_username or validate_email_syntax
# At the least, they shouldn't be here. They're safe for now, though.
trick_taint($username);
trick_taint($realname);
diff --git a/Bugzilla/Util.pm b/Bugzilla/Util.pm
index d70bc13dd..694f6f1c4 100644
--- a/Bugzilla/Util.pm
+++ b/Bugzilla/Util.pm
@@ -37,13 +37,13 @@ use base qw(Exporter);
lsearch max min
diff_arrays diff_strings
trim wrap_comment find_wrap_point
- format_time format_time_decimal
+ format_time format_time_decimal validate_date
file_mod_time is_7bit_clean
- bz_crypt check_email_syntax);
+ bz_crypt validate_email_syntax);
use Bugzilla::Config;
-use Bugzilla::Error;
use Bugzilla::Constants;
+
use Date::Parse;
use Date::Format;
use Text::Wrap;
@@ -349,16 +349,15 @@ sub bz_crypt {
return $cryptedpassword;
}
-sub check_email_syntax {
- my ($addr) = (@_);
+sub validate_email_syntax {
+ my ($addr) = @_;
my $match = Param('emailregexp');
- if ($addr !~ /$match/ || $addr =~ /[\\\(\)<>&,;:"\[\] \t\r\n]/) {
- ThrowUserError("illegal_email_address", { addr => $addr });
- }
+ my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/);
+ return $ret ? 1 : 0;
}
-sub ValidateDate {
- my ($date, $format) = @_;
+sub validate_date {
+ my ($date) = @_;
my $date2;
# $ts is undefined if the parser fails.
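Review bot: `validate_email_syntax` (and `validate_date`, whose body continues past this hunk) now reports failure only through its return value, so a call site that drops the result accepts any input where the old function would have stopped the request. The rename makes stale callers fail loudly, but a new caller has no such guard. I would put a comment above each sub stating the contract, for example `# Returns 1 or 0 and never throws; callers must test the result before trick_taint() or SQL use.` That comment could also note that the first test is only as strict as the configured `emailregexp`.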
@@ -369,9 +368,8 @@ sub ValidateDate {
$date =~ s/(\d+)-0*(\d+?)-0*(\d+?)/$1-$2-$3/;
$date2 =~ s/(\d+)-0*(\d+?)-0*(\d+?)/$1-$2-$3/;
}
- if (!$ts || $date ne $date2) {
- ThrowUserError('illegal_date', {date => $date, format => $format});
- }
+ my $ret = ($ts && $date eq $date2);
+ return $ret ? 1 : 0;
}
sub is_7bit_clean {
@@ -431,7 +429,8 @@ Bugzilla::Util - Generic utility functions for bugzilla
$crypted_password = bz_crypt($password);
# Validation Functions
- check_email_syntax($email);
+ validate_email_syntax($email);
+ validate_date($date);
=head1 DESCRIPTION
@@ -670,9 +669,14 @@ characters of the password to anyone who views the encrypted version.
=over 4
-=item C<check_email_syntax($email)>
+=item C<validate_email_syntax($email)>
+
+Do a syntax checking for a legal email address and returns 1 if
+the check is successful, else returns 0.
+
+=item C<validate_date($date)>
-Do a syntax checking for a legal email address. An error is thrown
-if the validation fails.
+Make sure the date has the correct format and returns 1 if
+the check is successful, else returns 0.
=back
diff --git a/createaccount.cgi b/createaccount.cgi
index 29b3c00ec..1be63756d 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -63,7 +63,10 @@ my $login = $cgi->param('login');
if (defined($login)) {
# We've been asked to create an account.
my $realname = trim($cgi->param('realname'));
- check_email_syntax($login);
+
+ validate_email_syntax($login)
+ || ThrowUserError('illegal_email_address', {addr => $login});
+
$vars->{'login'} = $login;
$dbh->bz_lock_tables('profiles WRITE', 'email_setting WRITE', 'tokens READ');
diff --git a/editflagtypes.cgi b/editflagtypes.cgi
index bcf811f94..a7c1a5541 100755
--- a/editflagtypes.cgi
+++ b/editflagtypes.cgi
@@ -489,7 +489,10 @@ sub validateCCList {
{ cc_list => $cgi->param('cc_list') });
my @addresses = split(/[, ]+/, $cgi->param('cc_list'));
- foreach my $address (@addresses) { check_email_syntax($address) }
+ foreach my $address (@addresses) {
+ validate_email_syntax($address)
+ || ThrowUserError('illegal_email_address', {addr => $address});
+ }
}
sub validateProduct {
diff --git a/editusers.cgi b/editusers.cgi
index bada71af7..56c0a7635 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -169,9 +169,10 @@ if ($action eq 'search') {
# Validity checks
$login || ThrowUserError('user_login_required');
- check_email_syntax($login);
- is_available_username($login) || ThrowUserError('account_exists',
- {'email' => $login});
+ validate_email_syntax($login)
+ || ThrowUserError('illegal_email_address', {addr => $login});
+ is_available_username($login)
+ || ThrowUserError('account_exists', {email => $login});
ValidatePassword($password);
# Login and password are validated now, and realname and disabledtext
@@ -245,9 +246,11 @@ if ($action eq 'search') {
if ($login ne $loginold) {
# Validate, then trick_taint.
$login || ThrowUserError('user_login_required');
- check_email_syntax($login);
- is_available_username($login) || ThrowUserError('account_exists',
- {'email' => $login});
+ validate_email_syntax($login)
+ || ThrowUserError('illegal_email_address', {addr => $login});
+ is_available_username($login)
+ || ThrowUserError('account_exists', {email => $login});
+
trick_taint($login);
push(@changedFields, 'login_name');
push(@values, $login);
diff --git a/post_bug.cgi b/post_bug.cgi
index 1b5b329db..db95cbc5e 100755
--- a/post_bug.cgi
+++ b/post_bug.cgi
@@ -29,6 +29,7 @@ use lib qw(.);
require "globals.pl";
use Bugzilla;
use Bugzilla::Constants;
+use Bugzilla::Util;
use Bugzilla::Bug;
use Bugzilla::User;
use Bugzilla::Field;
@@ -309,7 +310,9 @@ if (UserInGroup(Param("timetrackinggroup")) &&
}
if ((UserInGroup(Param("timetrackinggroup"))) && ($cgi->param('deadline'))) {
- Bugzilla::Util::ValidateDate($cgi->param('deadline'), 'YYYY-MM-DD');
+ validate_date($cgi->param('deadline'))
+ || ThrowUserError('illegal_date', {date => $cgi->param('deadline'),
+ format => 'YYYY-MM-DD'});
$sql .= SqlQuote($cgi->param('deadline'));
} else {
$sql .= "NULL";
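Review bot: In the new `ThrowUserError` call, `$cgi->param('deadline')` is evaluated in list context inside the hash constructor, so a request carrying the parameter more than once puts extra elements into the hash and the `date`/`format` pairs no longer line up. The value is also read three times (the check, the error hash, `SqlQuote`), which leaves it to each callee which of several values it sees. Read it once in scalar context, `my $deadline = $cgi->param('deadline');`, and use `$deadline` in all three places so the value that was validated is the one that gets quoted. The same pattern is in the deadline hunk of process_bug.cgi and in token.cgi's `{addr => $cgi->param('loginname')}`. The enclosing `if` starts outside this hunk.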
diff --git a/process_bug.cgi b/process_bug.cgi
index b1b9c8050..b330615ce 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -1103,7 +1103,9 @@ if (UserInGroup(Param('timetrackinggroup'))) {
DoComma();
$::query .= "deadline = ";
if ($cgi->param('deadline')) {
- Bugzilla::Util::ValidateDate($cgi->param('deadline'), 'YYYY-MM-DD');
+ validate_date($cgi->param('deadline'))
+ || ThrowUserError('illegal_date', {date => $cgi->param('deadline'),
+ format => 'YYYY-MM-DD'});
$::query .= SqlQuote($cgi->param('deadline'));
} else {
$::query .= "NULL" ;
diff --git a/token.cgi b/token.cgi
index 1d398f84d..79bf33dd7 100755
--- a/token.cgi
+++ b/token.cgi
@@ -110,9 +110,10 @@ if ( $::action eq 'reqpw' ) {
ThrowUserError("password_change_requests_not_allowed");
}
- # Make sure the login name looks like an email address. This function
- # displays its own error and stops execution if the login name looks wrong.
- check_email_syntax($cgi->param('loginname'));
+ # Make sure the login name looks like an email address.
+ validate_email_syntax($cgi->param('loginname'))
+ || ThrowUserError('illegal_email_address',
+ {addr => $cgi->param('loginname')});
my $quotedloginname = SqlQuote($cgi->param('loginname'));
SendSQL("SELECT userid FROM profiles WHERE " .
diff --git a/userprefs.cgi b/userprefs.cgi
index 0a6ffe288..065dcb472 100755
--- a/userprefs.cgi
+++ b/userprefs.cgi
@@ -117,7 +117,8 @@ sub SaveAccount {
}
# Before changing an email address, confirm one does not exist.
- check_email_syntax($new_login_name);
+ validate_email_syntax($new_login_name)
+ || ThrowUserError('illegal_email_address', {addr => $new_login_name});
trick_taint($new_login_name);
is_available_username($new_login_name)
|| ThrowUserError("account_exists", {email => $new_login_name});