From: Paul Wise <pabs@debian.org>
Date: Fri, 2 Dec 2022 01:16:49 +0000 (+0800)
Subject: Prevent usertags created at submit time from including invalid trailing chars
X-Git-Url: https://git.donarmstrong.com/?p=debbugs.git;a=commitdiff_plain;h=ef4c574be2696bd0161cccb643e2968e295b782e

Prevent usertags created at submit time from including invalid trailing chars

There were two regex validating included characters but the one used at submit
time only checked for valid characters at the start of the usertag string.

Also factor the usertag validity regex into a function to reduce duplication.

Fixes: commit d8c69d152175704304656c19e1da1043fd24491e
---

diff --git a/Debbugs/Control.pm b/Debbugs/Control.pm
index 1f8b3aa..38b83ab 100644
--- a/Debbugs/Control.pm
+++ b/Debbugs/Control.pm
@@ -3295,6 +3295,20 @@ sub bug_unarchive {
      __end_control(%info);
 }
 
+= head2 valid_usertag
+
+     valid_usertag
+
+This checks if the usertag contains valid characters or not.
+
+=cut
+
+sub valid_usertag {
+    my $usertag = shift;
+    return $usertag =~ m/^[a-zA-Z0-9.+\@-]+$/;
+}
+
+
 =head2 append_action_to_log
 
      append_action_to_log
diff --git a/scripts/process b/scripts/process
index 73a74d0..b403603 100755
--- a/scripts/process
+++ b/scripts/process
@@ -30,7 +30,7 @@ use Debbugs::Text qw(:templates);
 
 use Debbugs::Config qw(:globals :config);
 
-use Debbugs::Control qw(append_action_to_log);
+use Debbugs::Control qw(append_action_to_log valid_usertag);
 use Debbugs::Control::Service qw(valid_control control_line);
 use Debbugs::Recipients qw(determine_recipients);
 use Encode qw(encode_utf8 decode);
@@ -721,7 +721,7 @@ if ($ref<0) { # new bug report
             read_usertags(\%user_tags, $current_user);
             $value =~ s/(?:^\s+|\s+$)//g;
             for my $tag (split /[,\s]+/, $value) {
-                if ($tag =~ /^[a-zA-Z0-9.+\@-]+/) {
+                if (valid_usertag($tag)) {
                     my %bugs_with_tag;
                     @bugs_with_tag{@{$user_tags{$tag}||[]}} = (1) x @{$user_tags{$tag}||[]};
                     $bugs_with_tag{$ref} = 1;
diff --git a/scripts/service b/scripts/service
index da6474a..364a0ed 100755
--- a/scripts/service
+++ b/scripts/service
@@ -32,7 +32,7 @@ use Debbugs::Versions::Dpkg;
 use Debbugs::Status qw(splitpackages);
 
 use Debbugs::CGI qw(html_escape);
-use Debbugs::Control qw(:all);
+use Debbugs::Control qw(:all valid_usertag);
 use Debbugs::Control::Service qw(:all);
 use Debbugs::Log qw(:misc);
 use Debbugs::Text qw(:templates);
@@ -425,7 +425,7 @@ END
 	    my %chtags;
 	    if (defined $tags and length $tags) {
 		 for my $t (split /[,\s]+/, $tags) {
-		      if ($t =~ m/^[a-zA-Z0-9.+\@-]+$/) {
+		      if (valid_usertag($t)) {
 			   $chtags{$t} = 1;
 		      } else {
 			   push @badtags, $t;