From 6ca81cd002656534e9f9df711eb99e85c69b54b5 Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Wed, 14 Dec 2005 05:32:51 +0000 Subject: [PATCH] =?utf8?q?Bug=20278414:=20Cannot=20add=20'cc'=20notificati?= =?utf8?q?on=20for=20Flags=20when=20using=20emailsuffixes=20-=20Patch=20by?= =?utf8?q?=20Fr=C3=A9d=C3=A9ric=20Buclin=20=20r=3Dwurbl?= =?utf8?q?zap=20a=3Djustdave?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- editflagtypes.cgi | 12 ++++++++++-- template/en/default/global/user-error.html.tmpl | 9 +++++++-- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/editflagtypes.cgi b/editflagtypes.cgi index 795ce985ed..c8eb159c22 100755 --- a/editflagtypes.cgi +++ b/editflagtypes.cgi @@ -498,9 +498,17 @@ sub validateCCList { { cc_list => $cc_list }); my @addresses = split(/[, ]+/, $cc_list); + # We do not call Util::validate_email_syntax because these + # addresses do not require to match 'emailregexp' and do not + # depend on 'emailsuffix'. So we limit ourselves to a simple + # sanity check: + # - match the syntax of a fully qualified email address; + # - do not contain any illegal character. foreach my $address (@addresses) { - validate_email_syntax($address) - || ThrowUserError('illegal_email_address', {addr => $address}); + ($address =~ /^[\w\.\+\-=]+@[\w\.\-]+\.[\w\-]+$/ + && $address !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/) + || ThrowUserError('illegal_email_address', + {addr => $address, default => 1}); } trick_taint($cc_list); return $cc_list; diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl index 350f2c8a01..4ff86c34a9 100644 --- a/template/en/default/global/user-error.html.tmpl +++ b/template/en/default/global/user-error.html.tmpl @@ -556,8 +556,13 @@ [% ELSIF error == "illegal_email_address" %] [% title = "Invalid Email Address" %] The e-mail address you entered ([% addr FILTER html %]) - didn't pass our syntax checking for a legal email address. - [%+ Param('emailregexpdesc') %] + didn't pass our syntax checking for a legal email address. + [% IF default %] + A legal address must contain exactly one '@', + and at least one '.' after the @. + [% ELSE %] + [%+ Param('emailregexpdesc') %] + [% END %] It must also not contain any of these special characters: \ ( ) & < > , ; : " [ ], or any whitespace. -- 2.47.2