From: justdave%syndicomm.com <> Date: Sat, 12 May 2001 01:02:38 +0000 (+0000) Subject: Fix for bug 38859: escape invalid email addresses for HTML before displaying to the... X-Git-Tag: bugzilla-2.14~128 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c04fc5ccd7740cef2e5455f7aec103a0b91ca62e;p=thirdparty%2Fbugzilla.git Fix for bug 38859: escape invalid email addresses for HTML before displaying to the user. Patch by Myk Melez r= jake@acutex.net, justdave@syndicomm.com --- diff --git a/CGI.pl b/CGI.pl index 587ecc0747..e82ce89114 100644 --- a/CGI.pl +++ b/CGI.pl @@ -593,6 +593,9 @@ sub CheckEmailSyntax { if ($addr !~ /$match/) { print "Content-type: text/html\n\n"; + # For security, escape HTML special characters. + $addr = html_quote($addr); + PutHeader("Check e-mail syntax"); print "The e-mail address you entered\n"; print "($addr) didn't match our minimal\n";
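Review bot: In the CheckEmailSyntax hunk, `$addr = html_quote($addr);` overwrites the raw address in place, so every later use of $addr in this branch sees the entity-encoded form rather than what the user typed. That is correct for the `print "($addr) didn't match our minimal\n";` line shown, but keeping the raw value and escaping into a separately named variable (for example `my $safe_addr = html_quote($addr);`, name illustrative), or calling html_quote at the print itself, would stop a later non-HTML use from picking up the escaped text and a later HTML use from escaping it twice. The added comment could also say which output it protects, namely that the rejected address is echoed back into the error page.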