authorlpsolit%gmail.com <>2005-08-22 03:21:38 +0000
committerlpsolit%gmail.com <>2005-08-22 03:21:38 +0000
commit30f965e08ca2a5bbfffe9d7d99109413329b2763 (patch)
tree1fb84b22f29482b67746e340860e2b0d40631967 /editwhines.cgi
parentBug 290366: JavaScript error in productmenu.js from editflagtypes.cgi and req... (diff)
Bug 300831: editwhines.cgi twice uses $1 without checking for regex match - Patch by A. Karl Kornel <karl@kornel.name> r=joel a=myk
Diffstat (limited to 'editwhines.cgi')
-rwxr-xr-xeditwhines.cgi27
1 files changed, 17 insertions, 10 deletions
diff --git a/editwhines.cgi b/editwhines.cgi
index 66387dd82..db9d08292 100755
--- a/editwhines.cgi
+++ b/editwhines.cgi
@@ -236,19 +236,26 @@ if ($cgi->param('update')) {
if ($mailto_type == MAILTO_USER) {
# detaint
my $emailregexp = Param('emailregexp');
- $mailto =~ /($emailregexp)/;
- $mailto =~ $1;
- $mailto_id = login_to_id($mailto);
+ if ($mailto =~ /($emailregexp)/) {
+ $mailto_id = login_to_id($1);
+ }
+ else {
+ ThrowUserError("illegal_email_address",
+ { addr => $mailto });
+ }
}
elsif ($mailto_type == MAILTO_GROUP) {
# detaint the group parameter
- $mailto =~ /^([0-9a-z_\-\.]+)/i;
- my $group = $1;
-
- $mailto_id = Bugzilla::Group::ValidateGroupName(
- $group, ($user));
- $mailto_id || ThrowUserError(
- 'invalid_group_name', {name => $group});
+ if ($mailto =~ /^([0-9a-z_\-\.]+)$/i) {
+ $mailto_id = Bugzilla::Group::ValidateGroupName(
+ $1, ($user)) ||
+ ThrowUserError(
+ 'invalid_group_name',
+ { name => $1 });
+ } else {
+ ThrowUserError('invalid_group_name',
+ { name => $mailto });
+ }
}
else {
# bad value, so it will just mail to the whine
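Review bot: In the MAILTO_USER branch the result of `login_to_id($1)` on the added line is still unchecked, so an address that matches `emailregexp` but belongs to no account leaves `$mailto_id` holding whatever login_to_id returns for an unknown login (presumably a false value — verify), and the code after the hunk presumably goes on to store it. Guarding it the way the group branch does, `$mailto_id = login_to_id($1) || ThrowUserError('illegal_email_address', { addr => $mailto });`, keeps the two branches consistent. In the MAILTO_GROUP branch `$1` is read on both sides of the `||`, i.e. after the ValidateGroupName call; copying it first with `my $group = $1;` and using `$group` in both the call and the error hash is clearer and does not rely on the capture surviving the call. Note also that the email match itself is unanchored, so it accepts any input that merely contains an `emailregexp` match and forwards only the matching substring; that is only as strict as the configured `emailregexp`, which must be anchored for this check to reject surrounding junk. The enclosing `if ($cgi->param('update'))` block starts and ends outside the hunk.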