Bug 385897: editwhines.cgi doesn't allow to whine at groups with a name containing...

author lpsolit%gmail.com <>

Wed, 27 Aug 2008 05:53:21 +0000 (05:53 +0000)

committer lpsolit%gmail.com <>

Wed, 27 Aug 2008 05:53:21 +0000 (05:53 +0000)
author lpsolit%gmail.com <>
Wed, 27 Aug 2008 05:53:21 +0000 (05:53 +0000)
committer lpsolit%gmail.com <>
Wed, 27 Aug 2008 05:53:21 +0000 (05:53 +0000)
diff --git a/editwhines.cgi b/editwhines.cgi

index 7da598dd8b1f03a3ef1a2f0c0ead9557d185dfe3..33b7860bc63c86746fcc8836f5cb56ff94046fad 100755 (executable)
--- a/editwhines.cgi
+++ b/editwhines.cgi
@@ -238,28 +238,14 @@ if ($cgi->param('update')) {
                      # get an id for the mailto address
                      if ($can_mail_others && $mailto) {
                          if ($mailto_type == MAILTO_USER) {
-                            # detaint
-                            my $emailregexp = Bugzilla->params->{'emailregexp'};
-                            if ($mailto =~ /($emailregexp)/) {
-                                $mailto_id = login_to_id($1);
-                            }
-                            else {
-                                ThrowUserError("illegal_email_address", 
-                                               { addr => $mailto });
-                            }
+                            # The user login has already been validated.
+                            $mailto_id = login_to_id($mailto);
                          }
                          elsif ($mailto_type == MAILTO_GROUP) {
-                            # detaint the group parameter
-                            if ($mailto =~ /^([0-9a-z_\-\.]+)$/i) {
-                                $mailto_id = Bugzilla::Group::ValidateGroupName(
-                                                 $1, ($user)) || 
-                                             ThrowUserError(
-                                                 'invalid_group_name', 
-                                                 { name => $1 });
-                            } else {
-                                ThrowUserError('invalid_group_name',
-                                               { name => $mailto });
-                            }
+                            # The group name is used in a placeholder.
+                            trick_taint($mailto);
+                            $mailto_id = Bugzilla::Group::ValidateGroupName($mailto, ($user))
+                                           || ThrowUserError('invalid_group_name', { name => $mailto });
                          }
                          else {
                              # bad value, so it will just mail to the whine
author	lpsolit%gmail.com <>
	Wed, 27 Aug 2008 05:53:21 +0000 (05:53 +0000)
committer	lpsolit%gmail.com <>
	Wed, 27 Aug 2008 05:53:21 +0000 (05:53 +0000)