Prevent usertags created at submit time from including invalid trailing chars

There were two regex validating included characters but the one used at submit
time only checked for valid characters at the start of the usertag string.

Also factor the usertag validity regex into a function to reduce duplication.

Fixes: commit d8c69d152175704304656c19e1da1043fd24491e

diff --git a/lib/Debbugs/Control.pm b/lib/Debbugs/Control.pm
index 1f8b3aac60d3cb98fe5264795fc7806e795c4bac..38b83abfdba0806040825bad3d8cc2ec288535cc 100644 (file)
--- a/lib/Debbugs/Control.pm
+++ b/lib/Debbugs/Control.pm
@@ -3295,6 +3295,20 @@ sub bug_unarchive {
      __end_control(%info);
 }
 
+= head2 valid_usertag
+
+     valid_usertag
+
+This checks if the usertag contains valid characters or not.
+
+=cut
+
+sub valid_usertag {
+    my $usertag = shift;
+    return $usertag =~ m/^[a-zA-Z0-9.+\@-]+$/;
+}
+
+
 =head2 append_action_to_log
 
      append_action_to_log

diff --git a/scripts/process b/scripts/process
index 66fa43428341ca4b609b27cd80a70195dcdd7e8c..4e4d97afbe816f002b0adb941aa2282733221ccd 100755 (executable)
--- a/scripts/process
+++ b/scripts/process
@@ -30,7 +30,7 @@ use Debbugs::Text qw(:templates);
 
 use Debbugs::Config qw(:globals :config);
 
-use Debbugs::Control qw(append_action_to_log);
+use Debbugs::Control qw(append_action_to_log valid_usertag);
 use Debbugs::Control::Service qw(valid_control control_line);
 use Debbugs::Recipients qw(determine_recipients);
 use Encode qw(encode_utf8 decode);
@@ -723,7 +723,7 @@ if ($ref<0) { # new bug report
             read_usertags(\%user_tags, $current_user);
             $value =~ s/(?:^\s+|\s+$)//g;
             for my $tag (split /[,\s]+/, $value) {
-                if ($tag =~ /^[a-zA-Z0-9.+\@-]+/) {
+                if (valid_usertag($tag)) {
                     my %bugs_with_tag;
                     @bugs_with_tag{@{$user_tags{$tag}||[]}} = (1) x @{$user_tags{$tag}||[]};
                     $bugs_with_tag{$ref} = 1;

diff --git a/scripts/service b/scripts/service
index cdb70bb2db049e75b9c092889a93ad4fb6ed7621..df3bc2c04b070a26063728c00f3e7344f0bf75bb 100755 (executable)
--- a/scripts/service
+++ b/scripts/service
@@ -32,7 +32,7 @@ use Debbugs::Versions::Dpkg;
 use Debbugs::Status qw(splitpackages);
 
 use Debbugs::CGI qw(html_escape);
-use Debbugs::Control qw(:all);
+use Debbugs::Control qw(:all valid_usertag);
 use Debbugs::Control::Service qw(:all);
 use Debbugs::Log qw(:misc);
 use Debbugs::Text qw(:templates);
@@ -425,7 +425,7 @@ END
            my %chtags;
            if (defined $tags and length $tags) {
                 for my $t (split /[,\s]+/, $tags) {
-                     if ($t =~ m/^[a-zA-Z0-9.+\@-]+$/) {
+                     if (valid_usertag($t)) {
                           $chtags{$t} = 1;
                      } else {
                           push @badtags, $t;