From 052c5ebc181807287a6c9d972dbed7405cd00ef2 Mon Sep 17 00:00:00 2001
From: "mkanat%bugzilla.org" <>
Date: Wed, 19 Sep 2007 04:28:30 +0000
Subject: Bug 395632: [SECURITY] XML-RPC WebService Bugzilla::User::offer_account_by_email does not check createemailregexp Patch By Max Kanat-Alexander r=LpSolit, r=Wurblzap, a=mkanat
---
 Bugzilla/WebService/User.pm | 8 ++++++++
 1 file changed, 8 insertions(+) (limited to 'Bugzilla/WebService/User.pm')
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm
index db02ff75a..f839e2a9d 100755
--- a/Bugzilla/WebService/User.pm
+++ b/Bugzilla/WebService/User.pm
@@ -74,6 +74,14 @@ sub offer_account_by_email {
 my $email = trim($params->{email}) || ThrowCodeError('param_required', { param => 'email' });
+ my $createexp = Bugzilla->params->{'createemailregexp'};
+ if (!$createexp) {
+ ThrowUserError("account_creation_disabled");
+ }
+ elsif ($email !~ /$createexp/) {
+ ThrowUserError("account_creation_restricted");
+ }
+ $email = Bugzilla::User->check_login_name_for_creation($email); # Create and send a token for this new account.
-- cgit v1.2.3-24-g4f1b
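Review bot: The `createemailregexp` match in offer_account_by_email is applied to the trimmed request value, before `$email` is reassigned from `Bugzilla::User->check_login_name_for_creation($email)`, so if that method normalises or rewrites its argument (its body is not in this hunk) the restriction is tested against a different string from the one the token is issued for. Keeping the `!$createexp` test where it is and moving the match below the reassignment, as `ThrowUserError("account_creation_restricted") if $email !~ /$createexp/;`, would tie the policy to the validated address. The check is also inlined in this one entry point; if other account-creation paths carry their own copy of it, a single helper on Bugzilla::User that every path calls would prevent the same omission from recurring. The body of offer_account_by_email starts before and continues after the hunk.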