From: lpsolit%gmail.com <> Date: Mon, 22 Aug 2005 03:25:29 +0000 (+0000) Subject: Bug 300831: editwhines.cgi twice uses $1 without checking for regex match - Patch... X-Git-Tag: bugzilla-2.20~43 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a5ae5e18d0450d1a2611826f54b86b873b2dde6c;p=thirdparty%2Fbugzilla.git Bug 300831: editwhines.cgi twice uses $1 without checking for regex match - Patch by A. Karl Kornel r=joel a=myk --- diff --git a/editwhines.cgi b/editwhines.cgi index 1f5c954f39..f7e773fcc7 100755 --- a/editwhines.cgi +++ b/editwhines.cgi @@ -237,19 +237,26 @@ if ($cgi->param('update')) { if ($mailto_type == MAILTO_USER) { # detaint my $emailregexp = Param('emailregexp'); - $mailto =~ /($emailregexp)/; - $mailto =~ $1; - $mailto_id = login_to_id($mailto); + if ($mailto =~ /($emailregexp)/) { + $mailto_id = login_to_id($1); + } + else { + ThrowUserError("illegal_email_address", + { addr => $mailto }); + } } elsif ($mailto_type == MAILTO_GROUP) { # detaint the group parameter - $mailto =~ /^([0-9a-z_\-\.]+)/i; - my $group = $1; - - $mailto_id = Bugzilla::Group::ValidateGroupName( - $group, ($user)); - $mailto_id || ThrowUserError( - 'invalid_group_name', {name => $group}); + if ($mailto =~ /^([0-9a-z_\-\.]+)$/i) { + $mailto_id = Bugzilla::Group::ValidateGroupName( + $1, ($user)) || + ThrowUserError( + 'invalid_group_name', + { name => $1 }); + } else { + ThrowUserError('invalid_group_name', + { name => $mailto }); + } } else { # bad value, so it will just mail to the whine