Bug 236650: html_quote and validate email addresses in editueser.cgi

author bugreport%peshkin.net <>

Sat, 10 Jul 2004 14:27:48 +0000 (14:27 +0000)

committer bugreport%peshkin.net <>

Sat, 10 Jul 2004 14:27:48 +0000 (14:27 +0000)
author bugreport%peshkin.net <>
Sat, 10 Jul 2004 14:27:48 +0000 (14:27 +0000)
committer bugreport%peshkin.net <>
Sat, 10 Jul 2004 14:27:48 +0000 (14:27 +0000)
diff --git a/editusers.cgi b/editusers.cgi

index f7824e4359d5de64b139de4ce1d88ef9ad8b6677..9dfc672d9bdaec5602a26f580a8dfe0189c6fbe6 100755 (executable)
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -357,7 +357,7 @@ if ($action eq 'list') {
          }
          $realname = ($realname ? html_quote($realname) : "<FONT COLOR=\"red\">missing</FONT>");
          print "<TR>\n";
-        print "  <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=edit&user=", url_quote($user), "\"><B>$s$user$e</B></A></TD>\n";
+        print "  <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=edit&user=", url_quote($user), "\"><B>$s", html_quote($user), "$e</B></A></TD>\n";
          print "  <TD VALIGN=\"top\">$s$realname$e</TD>\n";
          if ($candelete) {
              print "  <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=del&user=", url_quote($user), "\">Delete</A></TD>\n";
@@ -749,6 +749,14 @@ if ($action eq 'update') {
               WHERE login_name=" . SqlQuote($userold));
      my ($thisuserid) = FetchSQLData();
  
+    my $emailregexp = Param("emailregexp");
+    unless ($user =~ m/$emailregexp/) {
+        print "The user name entered must be a valid e-mail address. Please press\n";
+        print "<b>Back</b> and try again.\n";
+        PutTrailer($localtrailer);
+        exit;
+    }
+
      my @grpadd = ();
      my @grpdel = ();
      my $chggrp = 0;
author	bugreport%peshkin.net <>
	Sat, 10 Jul 2004 14:27:48 +0000 (14:27 +0000)
committer	bugreport%peshkin.net <>
	Sat, 10 Jul 2004 14:27:48 +0000 (14:27 +0000)