Commit 74601372 authored by lpsolit%gmail.com's avatar lpsolit%gmail.com

Bug 304653: remove 'use Bugzilla::Error' from Util.pm - Patch by Frédéric Buclin…

Bug 304653: remove 'use Bugzilla::Error' from Util.pm - Patch by Frédéric Buclin <LpSolit@gmail.com> r=mkanat a=myk
parent 09756eda
...@@ -350,14 +350,18 @@ sub init { ...@@ -350,14 +350,18 @@ sub init {
if ($params->param('deadlinefrom')){ if ($params->param('deadlinefrom')){
$deadlinefrom = $params->param('deadlinefrom'); $deadlinefrom = $params->param('deadlinefrom');
Bugzilla::Util::ValidateDate($deadlinefrom, 'deadlinefrom'); validate_date($deadlinefrom)
|| ThrowUserError('illegal_date', {date => $deadlinefrom,
format => 'YYYY-MM-DD'});
$sql_deadlinefrom = &::SqlQuote($deadlinefrom); $sql_deadlinefrom = &::SqlQuote($deadlinefrom);
push(@wherepart, "bugs.deadline >= $sql_deadlinefrom"); push(@wherepart, "bugs.deadline >= $sql_deadlinefrom");
} }
if ($params->param('deadlineto')){ if ($params->param('deadlineto')){
$deadlineto = $params->param('deadlineto'); $deadlineto = $params->param('deadlineto');
Bugzilla::Util::ValidateDate($deadlineto, 'deadlineto'); validate_date($deadlineto)
|| ThrowUserError('illegal_date', {date => $deadlineto,
format => 'YYYY-MM-DD'});
$sql_deadlineto = &::SqlQuote($deadlineto); $sql_deadlineto = &::SqlQuote($deadlineto);
push(@wherepart, "bugs.deadline <= $sql_deadlineto"); push(@wherepart, "bugs.deadline <= $sql_deadlineto");
} }
......
...@@ -1184,7 +1184,7 @@ sub insert_new_user { ...@@ -1184,7 +1184,7 @@ sub insert_new_user {
$password ||= &::GenerateRandomPassword(); $password ||= &::GenerateRandomPassword();
my $cryptpassword = bz_crypt($password); my $cryptpassword = bz_crypt($password);
# XXX - These should be moved into is_available_username or check_email_syntax # XXX - These should be moved into is_available_username or validate_email_syntax
# At the least, they shouldn't be here. They're safe for now, though. # At the least, they shouldn't be here. They're safe for now, though.
trick_taint($username); trick_taint($username);
trick_taint($realname); trick_taint($realname);
......
...@@ -37,13 +37,13 @@ use base qw(Exporter); ...@@ -37,13 +37,13 @@ use base qw(Exporter);
lsearch max min lsearch max min
diff_arrays diff_strings diff_arrays diff_strings
trim wrap_comment find_wrap_point trim wrap_comment find_wrap_point
format_time format_time_decimal format_time format_time_decimal validate_date
file_mod_time is_7bit_clean file_mod_time is_7bit_clean
bz_crypt check_email_syntax); bz_crypt validate_email_syntax);
use Bugzilla::Config; use Bugzilla::Config;
use Bugzilla::Error;
use Bugzilla::Constants; use Bugzilla::Constants;
use Date::Parse; use Date::Parse;
use Date::Format; use Date::Format;
use Text::Wrap; use Text::Wrap;
...@@ -349,16 +349,15 @@ sub bz_crypt { ...@@ -349,16 +349,15 @@ sub bz_crypt {
return $cryptedpassword; return $cryptedpassword;
} }
sub check_email_syntax { sub validate_email_syntax {
my ($addr) = (@_); my ($addr) = @_;
my $match = Param('emailregexp'); my $match = Param('emailregexp');
if ($addr !~ /$match/ || $addr =~ /[\\\(\)<>&,;:"\[\] \t\r\n]/) { my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:"\[\] \t\r\n]/);
ThrowUserError("illegal_email_address", { addr => $addr }); return $ret ? 1 : 0;
}
} }
sub ValidateDate { sub validate_date {
my ($date, $format) = @_; my ($date) = @_;
my $date2; my $date2;
# $ts is undefined if the parser fails. # $ts is undefined if the parser fails.
...@@ -369,9 +368,8 @@ sub ValidateDate { ...@@ -369,9 +368,8 @@ sub ValidateDate {
$date =~ s/(\d+)-0*(\d+?)-0*(\d+?)/$1-$2-$3/; $date =~ s/(\d+)-0*(\d+?)-0*(\d+?)/$1-$2-$3/;
$date2 =~ s/(\d+)-0*(\d+?)-0*(\d+?)/$1-$2-$3/; $date2 =~ s/(\d+)-0*(\d+?)-0*(\d+?)/$1-$2-$3/;
} }
if (!$ts || $date ne $date2) { my $ret = ($ts && $date eq $date2);
ThrowUserError('illegal_date', {date => $date, format => $format}); return $ret ? 1 : 0;
}
} }
sub is_7bit_clean { sub is_7bit_clean {
...@@ -431,7 +429,8 @@ Bugzilla::Util - Generic utility functions for bugzilla ...@@ -431,7 +429,8 @@ Bugzilla::Util - Generic utility functions for bugzilla
$crypted_password = bz_crypt($password); $crypted_password = bz_crypt($password);
# Validation Functions # Validation Functions
check_email_syntax($email); validate_email_syntax($email);
validate_date($date);
=head1 DESCRIPTION =head1 DESCRIPTION
...@@ -670,9 +669,14 @@ characters of the password to anyone who views the encrypted version. ...@@ -670,9 +669,14 @@ characters of the password to anyone who views the encrypted version.
=over 4 =over 4
=item C<check_email_syntax($email)> =item C<validate_email_syntax($email)>
Do a syntax checking for a legal email address and returns 1 if
the check is successful, else returns 0.
=item C<validate_date($date)>
Do a syntax checking for a legal email address. An error is thrown Make sure the date has the correct format and returns 1 if
if the validation fails. the check is successful, else returns 0.
=back =back
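Review bot: validate_email_syntax() and validate_date() now return 1 or 0 instead of throwing, so a call whose result is ignored accepts any input. Several callers on this page follow the call with trick_taint() or SqlQuote(), which makes an unchecked call a silent validation bypass rather than a visible error. The POD added in this section says what is returned but not that the caller has to act on it. I would add a sentence to both items, such as `Callers must check the return value and throw the error themselves; this function never throws.`, and a one-line comment above each sub saying the same. validate_date's body is only partly visible in these hunks.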
...@@ -63,7 +63,10 @@ my $login = $cgi->param('login'); ...@@ -63,7 +63,10 @@ my $login = $cgi->param('login');
if (defined($login)) { if (defined($login)) {
# We've been asked to create an account. # We've been asked to create an account.
my $realname = trim($cgi->param('realname')); my $realname = trim($cgi->param('realname'));
check_email_syntax($login);
validate_email_syntax($login)
|| ThrowUserError('illegal_email_address', {addr => $login});
$vars->{'login'} = $login; $vars->{'login'} = $login;
$dbh->bz_lock_tables('profiles WRITE', 'email_setting WRITE', 'tokens READ'); $dbh->bz_lock_tables('profiles WRITE', 'email_setting WRITE', 'tokens READ');
......
...@@ -489,7 +489,10 @@ sub validateCCList { ...@@ -489,7 +489,10 @@ sub validateCCList {
{ cc_list => $cgi->param('cc_list') }); { cc_list => $cgi->param('cc_list') });
my @addresses = split(/[, ]+/, $cgi->param('cc_list')); my @addresses = split(/[, ]+/, $cgi->param('cc_list'));
foreach my $address (@addresses) { check_email_syntax($address) } foreach my $address (@addresses) {
validate_email_syntax($address)
|| ThrowUserError('illegal_email_address', {addr => $address});
}
} }
sub validateProduct { sub validateProduct {
......
...@@ -169,9 +169,10 @@ if ($action eq 'search') { ...@@ -169,9 +169,10 @@ if ($action eq 'search') {
# Validity checks # Validity checks
$login || ThrowUserError('user_login_required'); $login || ThrowUserError('user_login_required');
check_email_syntax($login); validate_email_syntax($login)
is_available_username($login) || ThrowUserError('account_exists', || ThrowUserError('illegal_email_address', {addr => $login});
{'email' => $login}); is_available_username($login)
|| ThrowUserError('account_exists', {email => $login});
ValidatePassword($password); ValidatePassword($password);
# Login and password are validated now, and realname and disabledtext # Login and password are validated now, and realname and disabledtext
...@@ -245,9 +246,11 @@ if ($action eq 'search') { ...@@ -245,9 +246,11 @@ if ($action eq 'search') {
if ($login ne $loginold) { if ($login ne $loginold) {
# Validate, then trick_taint. # Validate, then trick_taint.
$login || ThrowUserError('user_login_required'); $login || ThrowUserError('user_login_required');
check_email_syntax($login); validate_email_syntax($login)
is_available_username($login) || ThrowUserError('account_exists', || ThrowUserError('illegal_email_address', {addr => $login});
{'email' => $login}); is_available_username($login)
|| ThrowUserError('account_exists', {email => $login});
trick_taint($login); trick_taint($login);
push(@changedFields, 'login_name'); push(@changedFields, 'login_name');
push(@values, $login); push(@values, $login);
......
...@@ -29,6 +29,7 @@ use lib qw(.); ...@@ -29,6 +29,7 @@ use lib qw(.);
require "globals.pl"; require "globals.pl";
use Bugzilla; use Bugzilla;
use Bugzilla::Constants; use Bugzilla::Constants;
use Bugzilla::Util;
use Bugzilla::Bug; use Bugzilla::Bug;
use Bugzilla::User; use Bugzilla::User;
use Bugzilla::Field; use Bugzilla::Field;
...@@ -309,7 +310,9 @@ if (UserInGroup(Param("timetrackinggroup")) && ...@@ -309,7 +310,9 @@ if (UserInGroup(Param("timetrackinggroup")) &&
} }
if ((UserInGroup(Param("timetrackinggroup"))) && ($cgi->param('deadline'))) { if ((UserInGroup(Param("timetrackinggroup"))) && ($cgi->param('deadline'))) {
Bugzilla::Util::ValidateDate($cgi->param('deadline'), 'YYYY-MM-DD'); validate_date($cgi->param('deadline'))
|| ThrowUserError('illegal_date', {date => $cgi->param('deadline'),
format => 'YYYY-MM-DD'});
$sql .= SqlQuote($cgi->param('deadline')); $sql .= SqlQuote($cgi->param('deadline'));
} else { } else {
$sql .= "NULL"; $sql .= "NULL";
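Review bot: `$cgi->param('deadline')` is evaluated in list context inside the hash constructor passed to ThrowUserError, so a request that carries the parameter more than once expands into extra key/value pairs and can overwrite `format` or add other keys to the error variables. Read the value once into a scalar, `my $deadline = $cgi->param('deadline');`, and use `$deadline` for validate_date, the error hash and SqlQuote so that validation, reporting and quoting all operate on the same single value. The same pattern appears in the later hunk that builds `$::query .= "deadline = "` and in the `reqpw` hunk with `{addr => $cgi->param('loginname')}`. The enclosing `if` block continues outside this hunk.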
......
...@@ -1103,7 +1103,9 @@ if (UserInGroup(Param('timetrackinggroup'))) { ...@@ -1103,7 +1103,9 @@ if (UserInGroup(Param('timetrackinggroup'))) {
DoComma(); DoComma();
$::query .= "deadline = "; $::query .= "deadline = ";
if ($cgi->param('deadline')) { if ($cgi->param('deadline')) {
Bugzilla::Util::ValidateDate($cgi->param('deadline'), 'YYYY-MM-DD'); validate_date($cgi->param('deadline'))
|| ThrowUserError('illegal_date', {date => $cgi->param('deadline'),
format => 'YYYY-MM-DD'});
$::query .= SqlQuote($cgi->param('deadline')); $::query .= SqlQuote($cgi->param('deadline'));
} else { } else {
$::query .= "NULL" ; $::query .= "NULL" ;
......
...@@ -110,9 +110,10 @@ if ( $::action eq 'reqpw' ) { ...@@ -110,9 +110,10 @@ if ( $::action eq 'reqpw' ) {
ThrowUserError("password_change_requests_not_allowed"); ThrowUserError("password_change_requests_not_allowed");
} }
# Make sure the login name looks like an email address. This function # Make sure the login name looks like an email address.
# displays its own error and stops execution if the login name looks wrong. validate_email_syntax($cgi->param('loginname'))
check_email_syntax($cgi->param('loginname')); || ThrowUserError('illegal_email_address',
{addr => $cgi->param('loginname')});
my $quotedloginname = SqlQuote($cgi->param('loginname')); my $quotedloginname = SqlQuote($cgi->param('loginname'));
SendSQL("SELECT userid FROM profiles WHERE " . SendSQL("SELECT userid FROM profiles WHERE " .
......
...@@ -117,7 +117,8 @@ sub SaveAccount { ...@@ -117,7 +117,8 @@ sub SaveAccount {
} }
# Before changing an email address, confirm one does not exist. # Before changing an email address, confirm one does not exist.
check_email_syntax($new_login_name); validate_email_syntax($new_login_name)
|| ThrowUserError('illegal_email_address', {addr => $new_login_name});
trick_taint($new_login_name); trick_taint($new_login_name);
is_available_username($new_login_name) is_available_username($new_login_name)
|| ThrowUserError("account_exists", {email => $new_login_name}); || ThrowUserError("account_exists", {email => $new_login_name});
......