From a6f0c8a878c1deb5bb34b36656d8e3bb33763084 Mon Sep 17 00:00:00 2001
From: Don Armstrong <don@donarmstrong.com>
Date: Thu, 9 Aug 2007 11:31:53 -0700
Subject: [PATCH]   - Verify submitter is a valid email according to RFC822    
 (closes: #182419)

---
 debian/changelog   | 2 ++
 debian/control     | 4 ++--
 scripts/service.in | 8 +++++++-
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index b6085a33..94966ae1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -203,6 +203,8 @@ debbugs (2.4.2) UNRELEASED; urgency=low
     - Make sendmail binary location configurable, and use flock instead of
       fcntl. (closes: #260791)
     - Make notfound/notfixed log verbiage more clear (closes: #434953)
+    - Verify submitter is a valid email according to RFC822
+      (closes: #182419)
 
   
  -- Colin Watson <cjwatson@debian.org>  Fri, 20 Jun 2003 18:57:25 +0100
diff --git a/debian/control b/debian/control
index b2e5db2e..a9788f66 100644
--- a/debian/control
+++ b/debian/control
@@ -4,11 +4,11 @@ Priority: extra
 Maintainer: Debbugs developers <debian-debbugs@lists.debian.org>
 Uploaders: Josip Rodin <joy-packages@debian.org>, Colin Watson <cjwatson@debian.org>, Don Armstrong <don@debian.org>
 Standards-Version: 3.2.1
-Build-Depends-Indep: debhelper, libparams-validate-perl, libmailtools-perl, libmime-perl, libio-stringy-perl, libmldbm-perl, liburi-perl, libsoap-lite-perl, libcgi-simple-perl, libhttp-server-simple-perl, libtest-www-mechanize-perl
+Build-Depends-Indep: debhelper, libparams-validate-perl, libmailtools-perl, libmime-perl, libio-stringy-perl, libmldbm-perl, liburi-perl, libsoap-lite-perl, libcgi-simple-perl, libhttp-server-simple-perl, libtest-www-mechanize-perl, libmail-rfc822-address-perl
 
 Package: debbugs
 Architecture: all
-Depends: ${perl:Depends}, exim4 | mail-transport-agent, libdebbugs-perl
+Depends: ${perl:Depends}, exim4 | mail-transport-agent, libdebbugs-perl, libmail-rfc822-address-perl
 Recommends: debbugs-web
 Suggests: spamassassin (>= 3.0), libcgi-alert-perl
 Description: The bug tracking system based on the active Debian BTS
diff --git a/scripts/service.in b/scripts/service.in
index 2353b4f2..0cfe4f0f 100755
--- a/scripts/service.in
+++ b/scripts/service.in
@@ -17,6 +17,8 @@ use Debbugs::CGI qw(html_escape);
 use Debbugs::Control qw(:archive :log);
 use Debbugs::Log qw(:misc);
 
+use Mail::RFC822::Address;
+
 $lib_path = $gLibPath;
 require "$lib_path/errorlib";
 $ENV{'PATH'} = $lib_path.':'.$ENV{'PATH'};
@@ -636,7 +638,11 @@ END
         if ($ref =~ m/^-\d+$/ && defined $clonebugs{$ref}) {
             $ref = $clonebugs{$ref};
         }
-        if (&getbug) {
+	if (not Mail::RFC822::Address::valid($newsubmitter)) {
+	     transcript("$newsubmitter is not a valid e-mail address; not changing submitter\n");
+	     $errors++;
+	}
+        elsif (&getbug) {
             if (&checkpkglimit) {
                 &foundbug;
                 &addmaintainers($data);
-- 
2.39.5