From 30f965e08ca2a5bbfffe9d7d99109413329b2763 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Mon, 22 Aug 2005 03:21:38 +0000 Subject: Bug 300831: editwhines.cgi twice uses $1 without checking for regex match - Patch by A. Karl Kornel r=joel a=myk --- editwhines.cgi | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/editwhines.cgi b/editwhines.cgi index 66387dd82..db9d08292 100755 --- a/editwhines.cgi +++ b/editwhines.cgi @@ -236,19 +236,26 @@ if ($cgi->param('update')) { if ($mailto_type == MAILTO_USER) { # detaint my $emailregexp = Param('emailregexp'); - $mailto =~ /($emailregexp)/; - $mailto =~ $1; - $mailto_id = login_to_id($mailto); + if ($mailto =~ /($emailregexp)/) { + $mailto_id = login_to_id($1); + } + else { + ThrowUserError("illegal_email_address", + { addr => $mailto }); + } } elsif ($mailto_type == MAILTO_GROUP) { # detaint the group parameter - $mailto =~ /^([0-9a-z_\-\.]+)/i; - my $group = $1; - - $mailto_id = Bugzilla::Group::ValidateGroupName( - $group, ($user)); - $mailto_id || ThrowUserError( - 'invalid_group_name', {name => $group}); + if ($mailto =~ /^([0-9a-z_\-\.]+)$/i) { + $mailto_id = Bugzilla::Group::ValidateGroupName( + $1, ($user)) || + ThrowUserError( + 'invalid_group_name', + { name => $1 }); + } else { + ThrowUserError('invalid_group_name', + { name => $mailto }); + } } else { # bad value, so it will just mail to the whine -- cgit v1.2.3-24-g4f1b