Closed Bug 136506 Opened 21 years ago Closed 21 years ago
can't create new accounts cvs tip 4/8/02
using: http://n0cgi.distributed.net/bugs/createaccount.cgi?login=foo%40bar.com&realname=foo+bar

cvs tip bugzilla returns:

Content-type: text/html

Software error:
Attempted to send tainted string 'SELECT eventdata FROM tokens WHERE tokentype = 'emailold' AND eventdata like '%:firstname.lastname@example.org' OR eventdata like 'email@example.com:%'' to the database at globals.pl line 260.
This is a 2.16 blocker, I'd guess. Without having actually tested this, does validateNewUser need to do some escaping (and where does that code deal with stopping someone from hijacking the new email address?) John, this would be your stuff, I assume.
Priority: -- → P1
Target Milestone: --- → Bugzilla 2.16
I found it necessary in userprefs.cgi to add trick_taint($login) after CheckEmailSyntax($login) to avoid a taint error in ValidateNewUser. ValidateNewUser does not currently check email syntax, as most invocations have already done this (and CheckEmailSyntax is in CGI.pl). Long term, ValidateNewUser should call CheckEmailSyntax and return useful error messages to be displayed to the user. The code to avoid new email addresses being hijacked is ValidateNewUser. It checks there are no tokens with the specified address (pending changes, or addresses still able to be reverted) and uses DBname_to_id to check against current users.
quick fix - add trick taint to createaccount.cgi
Comment on attachment 78670
quick fix

diff -u, please
I can't reproduce this; can anyone else?
I can reproduce this, which may indicate this is similar to bug 134562.
I'll see if I can work out what is going on later tonight.
Comment on attachment 78670
quick fix

Fixes the problem on perl 5.005, continues to work on perl 5.6, trivial fix/low risk, 2x r=myk
Checking in createaccount.cgi;
/cvsroot/mozilla/webtools/bugzilla/createaccount.cgi,v <-- createaccount.cgi
new revision: 1.19; previous revision: 1.18
done
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
QA Contact: matty_is_a_geek → default-qa
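
Added example, not part of the bug thread and not Bugzilla's code: the validate-then-untaint pattern discussed in the comments above, run under Perl's taint mode, showing a tainted query being refused, a validated one being accepted, and a malformed login being rejected before it is ever untainted. check_email_syntax and trick_taint echo names from the thread, but their bodies, the email pattern, the hypothetical send_sql and try_login helpers, and the sample inputs are all assumptions written for this illustration.

```perl
# Run with taint mode on: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "run with: perl -T $0\n" unless ${^TAINT};

# Guard modelled on the error in the report: refuse any tainted SQL string.
sub send_sql {
    my ($sql) = @_;
    die "Attempted to send tainted string '$sql' to the database\n"
        if tainted($sql);
    return "sent";    # stand-in for handing $sql to the database
}

# Simplified syntax check (assumption: not Bugzilla's actual rule).
# It rejects whitespace, quotes and backslashes, among other things.
sub check_email_syntax {
    my ($addr) = @_;
    return $addr =~ /\A[^\s\@,;'"\\]+\@[A-Za-z0-9.-]+\z/ ? 1 : 0;
}

# Untaint in place by re-capturing the whole string. This validates
# nothing by itself, so call it only after a check has passed.
sub trick_taint {
    $_[0] =~ /\A(.*)\z/s;
    $_[0] = $1;
    return 1;
}

sub try_login {
    my ($login, $validate) = @_;
    if ($validate) {
        return "rejected" unless check_email_syntax($login);
        trick_taint($login);
    }
    my $sql = "SELECT eventdata FROM tokens WHERE eventdata LIKE '%:$login'";
    return eval { send_sql($sql) } // "blocked";
}

# Constructed input: %ENV is tainted under -T, and a zero-length substr of
# tainted data is still tainted, so appending it simulates a CGI parameter.
my $taint = substr(join('', values %ENV), 0, 0);

print "unchecked: ", try_login("foo\@bar.com" . $taint, 0), "\n";
print "checked:   ", try_login("foo\@bar.com" . $taint, 1), "\n";
print "bad input: ", try_login("x' OR '1'='1" . $taint, 1), "\n";
```

The order matters: because the untaint step accepts any string, calling it before the syntax check would silence the database guard without making the value any safer.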