зеркало из https://github.com/mozilla/pjs.git
Bug 280994 : Move ValidateNewUser out of globals.pl
Patch by Max Kanat-Alexander <mkanat@kerio.com> r=vladd a=justdave
Родитель
4c96c941e2
Коммит
ef320261d4
|
@ -33,7 +33,7 @@ use strict;
|
|||
|
||||
use Bugzilla::Config;
|
||||
use Bugzilla::Constants;
|
||||
use Bugzilla::User qw(insert_new_user);
|
||||
use Bugzilla::User;
|
||||
|
||||
use Net::LDAP;
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ use Bugzilla::Constants;
|
|||
use Bugzilla::Auth;
|
||||
|
||||
use base qw(Exporter);
|
||||
@Bugzilla::User::EXPORT_OK = qw(insert_new_user);
|
||||
@Bugzilla::User::EXPORT = qw(insert_new_user is_available_username);
|
||||
|
||||
################################################################################
|
||||
# Functions
|
||||
|
@ -958,6 +958,40 @@ sub insert_new_user ($$) {
|
|||
return $password;
|
||||
}
|
||||
|
||||
sub is_available_username ($;$) {
|
||||
my ($username, $old_username) = @_;
|
||||
|
||||
if(&::DBname_to_id($username) != 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
my $dbh = Bugzilla->dbh;
|
||||
# $username is safe because it is only used in SELECT placeholders.
|
||||
trick_taint($username);
|
||||
# Reject if the new login is part of an email change which is
|
||||
# still in progress
|
||||
#
|
||||
# substring/locate stuff: bug 165221; this used to use regexes, but that
|
||||
# was unsafe and required weird escaping; using substring to pull out
|
||||
# the new/old email addresses and locate() to find the delimeter (':')
|
||||
# is cleaner/safer
|
||||
my $sth = $dbh->prepare(
|
||||
"SELECT eventdata FROM tokens WHERE tokentype = 'emailold'
|
||||
AND SUBSTRING(eventdata, 1, (LOCATE(':', eventdata) - 1)) = ?
|
||||
OR SUBSTRING(eventdata, (LOCATE(':', eventdata) + 1)) = ?");
|
||||
$sth->execute($username, $username);
|
||||
|
||||
if (my ($eventdata) = $sth->fetchrow_array()) {
|
||||
# Allow thru owner of token
|
||||
if($old_username && ($eventdata eq "$old_username:$username")) {
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
__END__
|
||||
|
@ -1183,6 +1217,19 @@ Params: $username (scalar, string) - The login name for the new user.
|
|||
|
||||
Returns: The password that we randomly generated for this user, in plain text.
|
||||
|
||||
=item C<is_available_username>
|
||||
|
||||
Returns a boolean indicating whether or not the supplied username is
|
||||
already taken in Bugzilla.
|
||||
|
||||
Params: $username (scalar, string) - The full login name of the username
|
||||
that you are checking.
|
||||
$old_username (scalar, string) - If you are checking an email-change
|
||||
token, insert the "old" username that the user is changing from,
|
||||
here. Then, as long as it's the right user for that token, he
|
||||
can change his username to $username. (That is, this function
|
||||
will return a boolean true value).
|
||||
|
||||
=back
|
||||
|
||||
=head1 SEE ALSO
|
||||
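Review bot: The `WHERE` clause in `is_available_username` combines `AND` and `OR` without parentheses, so `tokentype = 'emailold'` constrains only the first `SUBSTRING` comparison, and the second arm matches a token of any type whose `eventdata` ends in `:$username`. The query text is carried over from `ValidateNewUser`, so the behaviour is not new, but a name can be reported as unavailable because of an unrelated token row. If both comparisons are meant to apply to `emailold` tokens only, group them as `tokentype = 'emailold' AND (SUBSTRING(...) = ? OR SUBSTRING(...) = ?)`. The new POD entry also reads inverted, because the sub returns true when the name is free. I would word it as `Returns a boolean indicating whether the supplied username is available (not already taken, and not part of an email change still in progress).`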
|
|
|
@ -30,7 +30,7 @@ use lib qw(.);
|
|||
|
||||
require "CGI.pl";
|
||||
|
||||
use Bugzilla::User qw(insert_new_user);
|
||||
use Bugzilla::User;
|
||||
|
||||
# Shut up misguided -w warnings about "used only once":
|
||||
use vars qw(
|
||||
|
@ -61,7 +61,7 @@ if (defined($login)) {
|
|||
CheckEmailSyntax($login);
|
||||
$vars->{'login'} = $login;
|
||||
|
||||
if (!ValidateNewUser($login)) {
|
||||
if (!is_available_username($login)) {
|
||||
# Account already exists
|
||||
$template->process("account/exists.html.tmpl", $vars)
|
||||
|| ThrowTemplateError($template->error());
|
||||
|
|
|
@ -434,7 +434,7 @@ if ($action eq 'new') {
|
|||
PutTrailer($localtrailer);
|
||||
exit;
|
||||
}
|
||||
if (!ValidateNewUser($user)) {
|
||||
if (!is_available_username($user)) {
|
||||
print "The user '$user' does already exist. Please press\n";
|
||||
print "<b>Back</b> and try again.\n";
|
||||
PutTrailer($localtrailer);
|
||||
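Review bot: `$user` is interpolated straight into the HTML response on the `print "The user '$user' does already exist. ...` line just below the renamed call. Whether it was escaped earlier in the script is not visible in this hunk; if it reaches this point as raw form input, markup in the submitted name is rendered in the administrator's browser. Escaping at the point of output, for example `print "The user '" . html_quote($user) . "' does already exist. Please press\n";`, keeps the page safe regardless of what happens upstream. The enclosing `if ($action eq 'new')` block starts and ends outside the hunk.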
|
|
|
@ -375,39 +375,6 @@ sub GetVersionTable {
|
|||
$::VersionTableLoaded = 1;
|
||||
}
|
||||
|
||||
# Validates a given username as a new username
|
||||
# returns 1 if valid, 0 if invalid
|
||||
sub ValidateNewUser {
|
||||
my ($username, $old_username) = @_;
|
||||
|
||||
if(DBname_to_id($username) != 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
my $sqluname = SqlQuote($username);
|
||||
|
||||
# Reject if the new login is part of an email change which is
|
||||
# still in progress
|
||||
#
|
||||
# substring/locate stuff: bug 165221; this used to use regexes, but that
|
||||
# was unsafe and required weird escaping; using substring to pull out
|
||||
# the new/old email addresses and locate() to find the delimeter (':')
|
||||
# is cleaner/safer
|
||||
SendSQL("SELECT eventdata FROM tokens WHERE tokentype = 'emailold'
|
||||
AND SUBSTRING(eventdata, 1, (LOCATE(':', eventdata) - 1)) = $sqluname
|
||||
OR SUBSTRING(eventdata, (LOCATE(':', eventdata) + 1)) = $sqluname");
|
||||
|
||||
if (my ($eventdata) = FetchSQLData()) {
|
||||
# Allow thru owner of token
|
||||
if($old_username && ($eventdata eq "$old_username:$username")) {
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
sub GenerateRandomPassword {
|
||||
my $size = (shift or 10); # default to 10 chars if nothing specified
|
||||
return join("", map{ ('0'..'9','a'..'z','A'..'Z')[rand 62] } (1..$size));
|
||||
|
|
|
@ -243,7 +243,7 @@ sub changeEmail {
|
|||
}
|
||||
# The new email address should be available as this was
|
||||
# confirmed initially so cancel token if it is not still available
|
||||
if (! ValidateNewUser($new_email,$old_email)) {
|
||||
if (! is_available_username($new_email,$old_email)) {
|
||||
$vars->{'email'} = $new_email; # Needed for Bugzilla::Token::Cancel's mail
|
||||
Bugzilla::Token::Cancel($::token,"account_exists");
|
||||
ThrowUserError("account_exists", { email => $new_email } );
|
||||
|
|
|
@ -29,6 +29,7 @@ use Bugzilla;
|
|||
use Bugzilla::Constants;
|
||||
use Bugzilla::Search;
|
||||
use Bugzilla::Auth;
|
||||
use Bugzilla::User;
|
||||
|
||||
require "CGI.pl";
|
||||
|
||||
|
@ -122,7 +123,7 @@ sub SaveAccount {
|
|||
# Before changing an email address, confirm one does not exist.
|
||||
CheckEmailSyntax($new_login_name);
|
||||
trick_taint($new_login_name);
|
||||
ValidateNewUser($new_login_name)
|
||||
is_available_username($new_login_name)
|
||||
|| ThrowUserError("account_exists", {email => $new_login_name});
|
||||
|
||||
Bugzilla::Token::IssueEmailChangeToken($userid,$old_login_name,
|
||||
|
|