vitalif
/
bugzilla-4intranet
mirror of https://github.com/vitalif/bugzilla-4intranet
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix CVE-2015-4499

3col
Vitaliy Filippov 2015-09-18 14:30:37 +03:00
parent c40b798345
commit dc07c69094
2 changed files with 6 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Bugzilla/Token.pm
View File

@ -75,14 +75,15 @@ sub issue_new_user_account_token {
ThrowUserError('too_soon_for_new_token', {'type' => 'account'}) if $pending_requests;
my ($token, $token_ts) = _create_token(undef, 'account', $login_name);
(undef, undef, $login_name) = Bugzilla::Token::GetTokenData($token);
$vars->{'email'} = $login_name . Bugzilla->params->{'emailsuffix'};
$vars->{'expiration_ts'} = ctime($token_ts + MAX_TOKEN_AGE * 86400);
$vars->{'token'} = $token;
$vars->{email} = $login_name . Bugzilla->params->{emailsuffix};
$vars->{expiration_ts} = ctime($token_ts + MAX_TOKEN_AGE * 86400);
$vars->{token} = $token;
my $message;
$template->process('account/email/request-new.txt.tmpl', $vars, \$message)
|| ThrowTemplateError($template->error());
|| ThrowTemplateError($template->error());
# In 99% of cases, the user getting the confirmation email is the same one
# who made the request, and so it is reasonable to send the email in the same

2
Bugzilla/Util.pm
View File

@ -719,7 +719,7 @@ sub validate_email_syntax
{
my ($addr) = @_;
my $match = Bugzilla->params->{emailregexp};
my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:\"\[\] \t\r\n]/);
my $ret = ($addr =~ /$match/ && $addr !~ /[\\\(\)<>&,;:\"\[\] \t\r\n]/ && length $addr <= 255);
if ($ret)
{
# We assume these checks to suffice to consider the address untainted.