-rwxr-xr-x | createaccount.cgi | 1 | ||||
-rw-r--r-- | globals.pl | 12 |
2 files changed, 10 insertions, 3 deletions
diff --git a/createaccount.cgi b/createaccount.cgi index 79be1bb64..13256f47b 100755 --- a/createaccount.cgi +++ b/createaccount.cgi @@ -65,7 +65,6 @@ if (defined($login)) { # We've been asked to create an account. my $realname = trim($::FORM{'realname'}); CheckEmailSyntax($login); - trick_taint($login); $vars->{'login'} = $login; if (!ValidateNewUser($login)) { diff --git a/globals.pl b/globals.pl index 21bdc46cf..624f31171 100644 --- a/globals.pl +++ b/globals.pl @@ -552,11 +552,19 @@ sub ValidateNewUser { return 0; } + my $sqluname = SqlQuote($username); + # Reject if the new login is part of an email change which is # still in progress + # + # substring/locate stuff: bug 165221; this used to use regexes, but that + # was unsafe and required weird escaping; using substring to pull out + # the new/old email addresses and locate() to find the delimeter (':') + # is cleaner/safer SendSQL("SELECT eventdata FROM tokens WHERE tokentype = 'emailold' - AND eventdata like '%:$username' - OR eventdata like '$username:%'"); + AND SUBSTRING(eventdata, 1, (LOCATE(':', eventdata) - 1)) = $sqluname + OR SUBSTRING(eventdata, (LOCATE(':', eventdata) + 1)) = $sqluname"); + if (my ($eventdata) = FetchSQLData()) { # Allow thru owner of token if($old_username && ($eventdata eq "$old_username:$username")) { |
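Review bot: In the globals.pl hunk the rewritten WHERE clause still reads `tokentype = 'emailold' AND … OR …`, and because AND binds tighter than OR, the second SUBSTRING comparison is not restricted to `emailold` tokens. Any token row whose text after the first ':' equals the login would match, and when eventdata holds no ':' LOCATE() returns 0, so that branch compares the whole string. Grouping the two comparisons keeps the check to in-progress email changes: `AND (SUBSTRING(eventdata, 1, (LOCATE(':', eventdata) - 1)) = $sqluname OR SUBSTRING(eventdata, (LOCATE(':', eventdata) + 1)) = $sqluname)`. The new comment also misspells "delimiter" as "delimeter". ValidateNewUser begins and ends outside the hunk, so how other token types store eventdata should be confirmed against the rest of the file.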