From: preed%sigkill.com <>
Date: Fri, 30 Aug 2002 22:29:24 +0000 (+0000)
Subject: Bug 165221: Apostrophes not properly handled during account creation. r=joel,r2=bbaetz
X-Git-Tag: bugzilla-2.16.1~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2abde2a7c7fd09d3477165f5ac9590c57ea769a6;p=thirdparty%2Fbugzilla.git

Bug 165221: Apostrophes not properly handled during account creation. r=joel,r2=bbaetz
---

diff --git a/createaccount.cgi b/createaccount.cgi
index 8a5b85782b..e409f28b87 100755
--- a/createaccount.cgi
+++ b/createaccount.cgi
@@ -66,7 +66,6 @@ if (defined($login)) {
     # We've been asked to create an account.
     my $realname = trim($::FORM{'realname'});
     CheckEmailSyntax($login);
-    trick_taint($login);
     $vars->{'login'} = $login;
     
     if (!ValidateNewUser($login)) {
diff --git a/globals.pl b/globals.pl
index ee0e4f1538..94939e19d4 100644
--- a/globals.pl
+++ b/globals.pl
@@ -646,11 +646,19 @@ sub ValidateNewUser {
         return 0;
     }
 
+    my $sqluname = SqlQuote($username);
+
     # Reject if the new login is part of an email change which is 
     # still in progress
+    #
+    # substring/locate stuff: bug 165221; this used to use regexes, but that
+    # was unsafe and required weird escaping; using substring to pull out
+    # the new/old email addresses and locate() to find the delimeter (':')
+    # is cleaner/safer
     SendSQL("SELECT eventdata FROM tokens WHERE tokentype = 'emailold' 
-                AND eventdata like '%:$username' 
-                 OR eventdata like '$username:%'");
+     AND SUBSTRING(eventdata, 1, (LOCATE(':', eventdata) - 1)) = $sqluname 
+     OR SUBSTRING(eventdata, (LOCATE(':', eventdata) + 1)) = $sqluname");
+
     if (my ($eventdata) = FetchSQLData()) {
         # Allow thru owner of token
         if($old_username && ($eventdata eq "$old_username:$username")) {