From: bugreport%peshkin.net <>
Date: Sat, 10 Jul 2004 14:31:07 +0000 (+0000)
Subject: Bug 236650: html_quote and validate email addresses in editueser.cgi
X-Git-Tag: bugzilla-2.16.6~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f3ac23f32c58ff3cb3653ffbc0a1b9feac5a905d;p=thirdparty%2Fbugzilla.git
Bug 236650: html_quote and validate email addresses in editueser.cgi
patch by vlad
r=joel,justdave
a=justdave
---
diff --git a/editusers.cgi b/editusers.cgi
index f9800c704a..a6c358d554 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -346,7 +346,7 @@ if ($action eq 'list') {
}
$realname = ($realname ? html_quote($realname) : "missing");
print "\n";
- print " | $s$user$e | \n";
+ print " $s", html_quote($user), "$e | \n";
print " $s$realname$e | \n";
if ($candelete) {
print " Delete | \n";
@@ -448,8 +448,8 @@ if ($action eq 'new') {
exit;
}
unless ($user =~ m/$emailregexp/) {
- print "The user name entered must be a valid e-mail address. Please press\n";
- print "Back and try again.\n";
+ print "The user name entered must be a valid e-mail address.\n";
+ print "Please press Back and try again.\n";
PutTrailer($localtrailer);
exit;
}
@@ -759,6 +759,14 @@ if ($action eq 'update') {
CheckUser($userold);
+ my $emailregexp = Param("emailregexp");
+ unless ($user =~ m/$emailregexp/) {
+ print "The user name entered must be a valid e-mail address.\n";
+ print "Please press Back and try again.\n";
+ PutTrailer($localtrailer);
+ exit;
+ }
+
# Note that the order of this tests is important. If you change
# them, be sure to test for WHERE='$product' or WHERE='$productold'