From: lpsolit%gmail.com <> Date: Wed, 27 Aug 2008 05:53:21 +0000 (+0000) Subject: Bug 385897: editwhines.cgi doesn't allow to whine at groups with a name containing... X-Git-Tag: bugzilla-3.2rc2~81 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92446186a5dde627c86b36a8d1ea534d776f451a;p=thirdparty%2Fbugzilla.git Bug 385897: editwhines.cgi doesn't allow to whine at groups with a name containing blanks - Patch by Frédéric Buclin r=wurblzap a=LpSolit --- diff --git a/editwhines.cgi b/editwhines.cgi index 7da598dd8b..33b7860bc6 100755 --- a/editwhines.cgi +++ b/editwhines.cgi @@ -238,28 +238,14 @@ if ($cgi->param('update')) { # get an id for the mailto address if ($can_mail_others && $mailto) { if ($mailto_type == MAILTO_USER) { - # detaint - my $emailregexp = Bugzilla->params->{'emailregexp'}; - if ($mailto =~ /($emailregexp)/) { - $mailto_id = login_to_id($1); - } - else { - ThrowUserError("illegal_email_address", - { addr => $mailto }); - } + # The user login has already been validated. + $mailto_id = login_to_id($mailto); } elsif ($mailto_type == MAILTO_GROUP) { - # detaint the group parameter - if ($mailto =~ /^([0-9a-z_\-\.]+)$/i) { - $mailto_id = Bugzilla::Group::ValidateGroupName( - $1, ($user)) || - ThrowUserError( - 'invalid_group_name', - { name => $1 }); - } else { - ThrowUserError('invalid_group_name', - { name => $mailto }); - } + # The group name is used in a placeholder. + trick_taint($mailto); + $mailto_id = Bugzilla::Group::ValidateGroupName($mailto, ($user)) + || ThrowUserError('invalid_group_name', { name => $mailto }); } else { # bad value, so it will just mail to the whine