Closed Bug 127862 Opened 18 years ago Closed 16 years ago

Sanity Check fails if regex excludes email-adresses with uppercase letters

Categories

(Bugzilla :: Administration, task, P3)

2.15

Tracking

()

RESOLVED FIXED
Bugzilla 2.18

People

(Reporter: andreas.hoefler, Assigned: bugreport)

References

Details

Attachments

(1 file, 1 obsolete file)

The Sanity Check reports every lowercase emailadress as invalid, if the regexp
in the parameters is set to allow no uppercase letters in e-mail-addresses.

emailregexp: ^[^@A-Z]+@[^@A-Z]+\.[^@A-Z]+$

An e-mail-address like "andreas.hoefler@infonova.at" results in following
line(s) when sanity-checking:

...
Checking profile logins
Bad profile email address, id=1, <andreas.hoefler@infonova.at>.
...
Status("Checking profile logins");

my $emailregexp = Param("emailregexp");
$emailregexp =~ s/'/\\'/g;
SendSQL("SELECT userid, login_name FROM profiles " .
        "WHERE login_name NOT REGEXP '" . $emailregexp . "'");

We're passing the regexp to the SQL....

MySQL is NOT case sensitive.  so you're effectively blocking all alphabetical
characters of either case.

Do we use MySQL's regexp everywhere else in Bugzilla where we check the
emailregexp, or are we using Perl's regexp?  If we're using Perl's regexp
everywhere else, this is inconsistent...
On the "Create Account"-Page the regexp gets parsed correctly, so only
e-mail-addresses with all chars lowercase can be used to create an account. Only
the sanitycheck has cried so far for me.
http://www.mysql.com/doc/P/a/Pattern_matching.html

After we require > 3.23.4, we can use BINARY to be case sensitive.
Depends on: 87958
Why don't just use the same procedure as it is used in CheckEmailSyntax? This is
the function which is used to check the syntax when creating an BZ-account.
In this function the line(s) (in CGI.pl)
...
    my $match = Param('emailregexp');
    if ($addr !~ /$match/ || $addr =~ /[\\\(\)<>&,;:"\[\] \t\r\n]/) {
...
do the whole magic.
I don't think that it is necessary to shift the whole work to MySQL.
No longer depends on: 87958
Accidentially blew up the dependency, correcting it. Sorry for the spam...
Depends on: 87958
Theoretically moving this to MySQL could be faster but I doubt in practice it
would be.  I think BINARY is the way to go, and put it in an appropriate sub
when we support PgSQL if it's different.
Priority: -- → P3
Target Milestone: --- → Bugzilla 2.18
Attached patch Patch - use perl for regexp (obsolete) — Splinter Review
It just doesn't take that long to do this in perl.  This is sanitycheck.cgi,
not buglist.cgi.  This makes it compatible once and for all and doesn't set us
up for problems with other types of databases later.
Assignee: justdave → bugreport
Status: NEW → ASSIGNED
Comment on attachment 144721 [details] [diff] [review]
Patch - use perl for regexp

doh!  goofed
Attachment #144721 - Attachment is obsolete: true
Attached patch The right patchSplinter Review
Attachment #144723 - Flags: review?
Comment on attachment 144723 [details] [diff] [review]
The right patch

There is an extra quoted space at the end of the SendSQL line:

+SendSQL("SELECT userid, login_name FROM profiles ");

r=vlad with this change.
Attachment #144723 - Flags: review? → review+
Flags: blocking2.18?
Flags: approval?
OS: Windows 2000 → All
Hardware: PC → All
Flags: blocking2.18?
Flags: blocking2.18+
Flags: approval?
Flags: approval+
Checking in sanitycheck.cgi;
/cvsroot/mozilla/webtools/bugzilla/sanitycheck.cgi,v  <--  sanitycheck.cgi
new revision: 1.70; previous revision: 1.69
done
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
*** Bug 241172 has been marked as a duplicate of this bug. ***
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.