Bug 395632: [SECURITY] XML-RPC WebService Bugzilla::User::offer_account_by_email...

author mkanat%bugzilla.org <>

Wed, 19 Sep 2007 04:30:20 +0000 (04:30 +0000)

committer mkanat%bugzilla.org <>

Wed, 19 Sep 2007 04:30:20 +0000 (04:30 +0000)
author mkanat%bugzilla.org <>
Wed, 19 Sep 2007 04:30:20 +0000 (04:30 +0000)
committer mkanat%bugzilla.org <>
Wed, 19 Sep 2007 04:30:20 +0000 (04:30 +0000)
diff --git a/Bugzilla/WebService/Constants.pm b/Bugzilla/WebService/Constants.pm

index 5e255d4be3ebd6aa2c6ad76c3ec1c9d8db3e4208..0b73114dfbe6d8c30cb0018c940659bcee192bbe 100755 (executable)
--- a/Bugzilla/WebService/Constants.pm
+++ b/Bugzilla/WebService/Constants.pm
@@ -84,6 +84,7 @@ use constant WS_ERROR_CODE => {
      # User errors are 500-600.
      account_exists        => 500,
      illegal_email_address => 501,
+    account_creation_disabled   => 501,
      password_too_short    => 502,
      password_too_long     => 503,
      invalid_username      => 504,
diff --git a/Bugzilla/WebService/User.pm b/Bugzilla/WebService/User.pm

index db02ff75ae65f6d04d1fc6f1869c0992add7c10f..12ca0a4ce12794f4bfe1a200514e676e873606c4 100755 (executable)
--- a/Bugzilla/WebService/User.pm
+++ b/Bugzilla/WebService/User.pm
@@ -74,6 +74,11 @@ sub offer_account_by_email {
      my $email = trim($params->{email})
          || ThrowCodeError('param_required', { param => 'email' });
  
+    my $createexp = Bugzilla->params->{'createemailregexp'};
+    if (!$createexp || $email !~ /$createexp/) {
+        ThrowUserError("account_creation_disabled");
+    }
+
      $email = Bugzilla::User->check_login_name_for_creation($email);
  
      # Create and send a token for this new account.
author	mkanat%bugzilla.org <>
	Wed, 19 Sep 2007 04:30:20 +0000 (04:30 +0000)
committer	mkanat%bugzilla.org <>
	Wed, 19 Sep 2007 04:30:20 +0000 (04:30 +0000)
Bugzilla/WebService/Constants.pm		patch \| blob \| blame \| history
Bugzilla/WebService/User.pm		patch \| blob \| blame \| history