Prevent usertags created at submit time from including invalid trailing chars

There were two regex validating included characters but the one used at submit
time only checked for valid characters at the start of the usertag string.

Also factor the usertag validity regex into a function to reduce duplication.

Fixes: commit d8c69d152175704304656c19e1da1043fd24491e

diff --git a/Debbugs/Control.pm b/Debbugs/Control.pm
index 1f8b3aac60d3cb98fe5264795fc7806e795c4bac..38b83abfdba0806040825bad3d8cc2ec288535cc 100644 (file)
--- a/Debbugs/Control.pm
+++ b/Debbugs/Control.pm
@@ -3295,6 +3295,20 @@ sub bug_unarchive {
      __end_control(%info);
 }
 
+= head2 valid_usertag
+
+     valid_usertag
+
+This checks if the usertag contains valid characters or not.
+
+=cut
+
+sub valid_usertag {
+    my $usertag = shift;
+    return $usertag =~ m/^[a-zA-Z0-9.+\@-]+$/;
+}
+
+
 =head2 append_action_to_log
 
      append_action_to_log

diff --git a/scripts/process b/scripts/process
index 73a74d0757d85fa7323e15a041a7a96de3217969..b40360323cd77f8e805013ec9180ff59406811c7 100755 (executable)
--- a/scripts/process
+++ b/scripts/process
@@ -30,7 +30,7 @@ use Debbugs::Text qw(:templates);
 
 use Debbugs::Config qw(:globals :config);
 
-use Debbugs::Control qw(append_action_to_log);
+use Debbugs::Control qw(append_action_to_log valid_usertag);
 use Debbugs::Control::Service qw(valid_control control_line);
 use Debbugs::Recipients qw(determine_recipients);
 use Encode qw(encode_utf8 decode);
@@ -721,7 +721,7 @@ if ($ref<0) { # new bug report
             read_usertags(\%user_tags, $current_user);
             $value =~ s/(?:^\s+|\s+$)//g;
             for my $tag (split /[,\s]+/, $value) {
-                if ($tag =~ /^[a-zA-Z0-9.+\@-]+/) {
+                if (valid_usertag($tag)) {
                     my %bugs_with_tag;
                     @bugs_with_tag{@{$user_tags{$tag}||[]}} = (1) x @{$user_tags{$tag}||[]};
                     $bugs_with_tag{$ref} = 1;

diff --git a/scripts/service b/scripts/service
index da6474a48da9d6fc9d52c8997c69b07fbbb55dfc..364a0ed955acd9519a2ea3175ddbc1c1021f5acd 100755 (executable)
--- a/scripts/service
+++ b/scripts/service
@@ -32,7 +32,7 @@ use Debbugs::Versions::Dpkg;
 use Debbugs::Status qw(splitpackages);
 
 use Debbugs::CGI qw(html_escape);
-use Debbugs::Control qw(:all);
+use Debbugs::Control qw(:all valid_usertag);
 use Debbugs::Control::Service qw(:all);
 use Debbugs::Log qw(:misc);
 use Debbugs::Text qw(:templates);
@@ -425,7 +425,7 @@ END
            my %chtags;
            if (defined $tags and length $tags) {
                 for my $t (split /[,\s]+/, $tags) {
-                     if ($t =~ m/^[a-zA-Z0-9.+\@-]+$/) {
+                     if (valid_usertag($t)) {
                           $chtags{$t} = 1;
                      } else {
                           push @badtags, $t;