Closed Bug 113459 Opened 22 years ago Closed 22 years ago

Bad regexp in emailregexp causes system lockout

Categories

(Bugzilla :: Administration, task, P2)

Product:
Bugzilla
Component:
Administration
Version:
2.14
Platform:
x86
Linux
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.18

People

(Reporter: bugreport, Assigned: justdave)

Details

Attachments

(1 file, 2 obsolete files)

this one....
954 bytes, patch
bbaetz
: review+
bbaetz
: review+
Details | Diff | Splinter Review 
If the preferences web interface is used to change emailregexp to 

$::param{'emailregexp'} = '^[^@]*@[^@]**$';

Subsequent login attempts result in....

Software error:

/^[^@]*@[^@]**$/: nested *?+ in regexp at CGI.pl line 707. 


And it is no longer possible to log in and fix it.   

Workaround - edit data/params to fix the erroneous pattern.

Suggested fix - add validation of regexps to forms that permit users to enter 
them
Priority: -- → P2
Target Milestone: --- → Bugzilla 2.18
Attached patch Patch to test email regexps (obsolete) — Splinter Review 
Ok... about time to fix this
Comment on attachment 93380 [details] [diff] [review]
Patch to test email regexps

Put the \&checkregexp on a separate line to match prevailing style.

Also, eval qr/$value/ rather than doing a dummy match - its 'nicer'
Attachment #93380 - Flags: review-
Attached patch cleaner version (obsolete) — Splinter Review 

    
    

    
  

      
      
      
      

        Attached patch
          
          
        this one....Splinter Review
      

    


  

        Attachment #93380 -
        Attachment is obsolete: true

        Attachment #93381 -
        Attachment is obsolete: true

    
    

    
  
Comment on attachment 93382 [details] [diff] [review]
this one....

>+sub checkregexp {
>+    my ($value) = (@_);
>+    eval { qr/$value/ };
>+    return $@ ;
>+}

r=bbaetz x2 if you remove the space before the ;

        Attachment #93382 -
        Flags: review+

    
    

    
  
Checking in defparams.pl;
/cvsroot/mozilla/webtools/bugzilla/defparams.pl,v  <--  defparams.pl
new revision: 1.81; previous revision: 1.80
done                                                    

Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
QA Contact: matty_is_a_geek → default-qa

          You need to log in
          before you can comment on or make changes to this bug.