mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 280994 : Move ValidateNewUser out of globals.pl 

Patch by Max Kanat-Alexander <mkanat@kerio.com>  r=vladd  a=justdave
This commit is contained in:
travis%sedsystems.ca 2005-02-09 06:42:43 +00:00
Родитель 4c96c941e2
Коммит ef320261d4
7 изменённых файлов: 55 добавлений и 40 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
webtools/bugzilla/Bugzilla/Auth/Verify/LDAP.pm
Просмотреть файл

@ -33,7 +33,7 @@ use strict;
use Bugzilla::Config; use Bugzilla::Config;
use Bugzilla::Constants; use Bugzilla::Constants;
use Bugzilla::User qw(insert_new_user); use Bugzilla::User;
use Net::LDAP; use Net::LDAP;

49
webtools/bugzilla/Bugzilla/User.pm
Просмотреть файл

@ -40,7 +40,7 @@ use Bugzilla::Constants;
use Bugzilla::Auth; use Bugzilla::Auth;
use base qw(Exporter); use base qw(Exporter);
@Bugzilla::User::EXPORT_OK = qw(insert_new_user); @Bugzilla::User::EXPORT = qw(insert_new_user is_available_username);
################################################################################ ################################################################################
# Functions # Functions
@ -958,6 +958,40 @@ sub insert_new_user ($$) {
return $password; return $password;
} }
sub is_available_username ($;$) {
my ($username, $old_username) = @_;
if(&::DBname_to_id($username) != 0) {
return 0;
}
my $dbh = Bugzilla->dbh;
# $username is safe because it is only used in SELECT placeholders.
trick_taint($username);
# Reject if the new login is part of an email change which is
# still in progress
#
# substring/locate stuff: bug 165221; this used to use regexes, but that
# was unsafe and required weird escaping; using substring to pull out
# the new/old email addresses and locate() to find the delimeter (':')
# is cleaner/safer
my $sth = $dbh->prepare(
"SELECT eventdata FROM tokens WHERE tokentype = 'emailold'
AND SUBSTRING(eventdata, 1, (LOCATE(':', eventdata) - 1)) = ?
OR SUBSTRING(eventdata, (LOCATE(':', eventdata) + 1)) = ?");
$sth->execute($username, $username);
if (my ($eventdata) = $sth->fetchrow_array()) {
# Allow thru owner of token
if($old_username && ($eventdata eq "$old_username:$username")) {
return 1;
}
return 0;
}
return 1;
}
1; 1;
__END__ __END__
@ -1183,6 +1217,19 @@ Params: $username (scalar, string) - The login name for the new user.
Returns: The password that we randomly generated for this user, in plain text. Returns: The password that we randomly generated for this user, in plain text.
=item C<is_available_username>
Returns a boolean indicating whether or not the supplied username is
already taken in Bugzilla.
Params: $username (scalar, string) - The full login name of the username
that you are checking.
$old_username (scalar, string) - If you are checking an email-change
token, insert the "old" username that the user is changing from,
here. Then, as long as it's the right user for that token, he
can change his username to $username. (That is, this function
will return a boolean true value).
=back =back
=head1 SEE ALSO =head1 SEE ALSO

4
webtools/bugzilla/createaccount.cgi
Просмотреть файл

@ -30,7 +30,7 @@ use lib qw(.);
require "CGI.pl"; require "CGI.pl";
use Bugzilla::User qw(insert_new_user); use Bugzilla::User;
# Shut up misguided -w warnings about "used only once": # Shut up misguided -w warnings about "used only once":
use vars qw( use vars qw(
@ -61,7 +61,7 @@ if (defined($login)) {
CheckEmailSyntax($login); CheckEmailSyntax($login);
$vars->{'login'} = $login; $vars->{'login'} = $login;
if (!ValidateNewUser($login)) { if (!is_available_username($login)) {
# Account already exists # Account already exists
$template->process("account/exists.html.tmpl", $vars) $template->process("account/exists.html.tmpl", $vars)
|| ThrowTemplateError($template->error()); || ThrowTemplateError($template->error());

2
webtools/bugzilla/editusers.cgi
Просмотреть файл

@ -434,7 +434,7 @@ if ($action eq 'new') {
PutTrailer($localtrailer); PutTrailer($localtrailer);
exit; exit;
} }
if (!ValidateNewUser($user)) { if (!is_available_username($user)) {
print "The user '$user' does already exist. Please press\n"; print "The user '$user' does already exist. Please press\n";
print "<b>Back</b> and try again.\n"; print "<b>Back</b> and try again.\n";
PutTrailer($localtrailer); PutTrailer($localtrailer);

33
webtools/bugzilla/globals.pl
Просмотреть файл

@ -375,39 +375,6 @@ sub GetVersionTable {
$::VersionTableLoaded = 1; $::VersionTableLoaded = 1;
} }
# Validates a given username as a new username
# returns 1 if valid, 0 if invalid
sub ValidateNewUser {
my ($username, $old_username) = @_;
if(DBname_to_id($username) != 0) {
return 0;
}
my $sqluname = SqlQuote($username);
# Reject if the new login is part of an email change which is
# still in progress
#
# substring/locate stuff: bug 165221; this used to use regexes, but that
# was unsafe and required weird escaping; using substring to pull out
# the new/old email addresses and locate() to find the delimeter (':')
# is cleaner/safer
SendSQL("SELECT eventdata FROM tokens WHERE tokentype = 'emailold'
AND SUBSTRING(eventdata, 1, (LOCATE(':', eventdata) - 1)) = $sqluname
OR SUBSTRING(eventdata, (LOCATE(':', eventdata) + 1)) = $sqluname");
if (my ($eventdata) = FetchSQLData()) {
# Allow thru owner of token
if($old_username && ($eventdata eq "$old_username:$username")) {
return 1;
}
return 0;
}
return 1;
}
sub GenerateRandomPassword { sub GenerateRandomPassword {
my $size = (shift or 10); # default to 10 chars if nothing specified my $size = (shift or 10); # default to 10 chars if nothing specified
return join("", map{ ('0'..'9','a'..'z','A'..'Z')[rand 62] } (1..$size)); return join("", map{ ('0'..'9','a'..'z','A'..'Z')[rand 62] } (1..$size));

2
webtools/bugzilla/token.cgi
Просмотреть файл

@ -243,7 +243,7 @@ sub changeEmail {
} }
# The new email address should be available as this was # The new email address should be available as this was
# confirmed initially so cancel token if it is not still available # confirmed initially so cancel token if it is not still available
if (! ValidateNewUser($new_email,$old_email)) { if (! is_available_username($new_email,$old_email)) {
$vars->{'email'} = $new_email; # Needed for Bugzilla::Token::Cancel's mail $vars->{'email'} = $new_email; # Needed for Bugzilla::Token::Cancel's mail
Bugzilla::Token::Cancel($::token,"account_exists"); Bugzilla::Token::Cancel($::token,"account_exists");
ThrowUserError("account_exists", { email => $new_email } ); ThrowUserError("account_exists", { email => $new_email } );

3
webtools/bugzilla/userprefs.cgi
Просмотреть файл

@ -29,6 +29,7 @@ use Bugzilla;
use Bugzilla::Constants; use Bugzilla::Constants;
use Bugzilla::Search; use Bugzilla::Search;
use Bugzilla::Auth; use Bugzilla::Auth;
use Bugzilla::User;
require "CGI.pl"; require "CGI.pl";
@ -122,7 +123,7 @@ sub SaveAccount {
# Before changing an email address, confirm one does not exist. # Before changing an email address, confirm one does not exist.
CheckEmailSyntax($new_login_name); CheckEmailSyntax($new_login_name);
trick_taint($new_login_name); trick_taint($new_login_name);
ValidateNewUser($new_login_name) is_available_username($new_login_name)
|| ThrowUserError("account_exists", {email => $new_login_name}); || ThrowUserError("account_exists", {email => $new_login_name});
Bugzilla::Token::IssueEmailChangeToken($userid,$old_login_name, Bugzilla::Token::IssueEmailChangeToken($userid,$old_login_name,