[Rt-commit] r3203 - in rt/branches/3.2-RELEASE: . bin lib/RT lib/RT/Action

[alexmv at bestpractical.com]

Author: alexmv
Date: Thu Jun 16 04:29:14 2005
New Revision: 3203

Modified:
   rt/branches/3.2-RELEASE/   (props changed)
   rt/branches/3.2-RELEASE/bin/standalone_httpd.in
   rt/branches/3.2-RELEASE/lib/RT/Action/Notify.pm
   rt/branches/3.2-RELEASE/lib/RT/EmailParser.pm
   rt/branches/3.2-RELEASE/lib/RT/Queue_Overlay.pm
Log:
 r4306 at zoq-fot-pik:  chmrr | 2005-06-16 04:29:06 -0400
  * Move /^$foo$/ regexes to use eq instead, to prevent regex insertion
    exploits


Modified: rt/branches/3.2-RELEASE/bin/standalone_httpd.in
==============================================================================
--- rt/branches/3.2-RELEASE/bin/standalone_httpd.in	(original)
+++ rt/branches/3.2-RELEASE/bin/standalone_httpd.in	Thu Jun 16 04:29:14 2005
@@ -164,7 +164,7 @@
                 $tag =~ s/^COOKIES$/COOKIE/;
                 my $val = $2;
                 $tag =~ s/-/_/g;
-                $tag = "HTTP_".$tag unless (grep /^$tag$/, qw(CONTENT_LENGTH CONTENT_TYPE COOKIE));
+                $tag = "HTTP_".$tag unless (grep $_ eq $tag, qw(CONTENT_LENGTH CONTENT_TYPE COOKIE));
                 if ($ENV{$tag}) {
                 $ENV{$tag} .= "; $val";
                 }

Modified: rt/branches/3.2-RELEASE/lib/RT/Action/Notify.pm
==============================================================================
--- rt/branches/3.2-RELEASE/lib/RT/Action/Notify.pm	(original)
+++ rt/branches/3.2-RELEASE/lib/RT/Action/Notify.pm	Thu Jun 16 04:29:14 2005
@@ -158,9 +158,9 @@
         @{ $self->{'Bcc'} } = @Bcc;
     }
     else {
-        @{ $self->{'To'} }  = grep ( !/^$creator$/, @To );
-        @{ $self->{'Cc'} }  = grep ( !/^$creator$/, @Cc );
-        @{ $self->{'Bcc'} } = grep ( !/^$creator$/, @Bcc );
+        @{ $self->{'To'} }  = grep ( lc $_ ne $creator, @To );
+        @{ $self->{'Cc'} }  = grep ( lc $_ ne $creator, @Cc );
+        @{ $self->{'Bcc'} } = grep ( lc $_ ne $creator, @Bcc );
     }
     @{ $self->{'PseudoTo'} } = @PseudoTo;
 

Modified: rt/branches/3.2-RELEASE/lib/RT/EmailParser.pm
==============================================================================
--- rt/branches/3.2-RELEASE/lib/RT/EmailParser.pm	(original)
+++ rt/branches/3.2-RELEASE/lib/RT/EmailParser.pm	Thu Jun 16 04:29:14 2005
@@ -393,9 +393,9 @@
         my $Address = $AddrObj->address;
         my $user = RT::User->new($RT::SystemUser);
         $Address = $user->CanonicalizeEmailAddress($Address);
-        next if ( $args{'CurrentUser'}->EmailAddress   =~ /^$Address$/i );
-        next if ( $args{'QueueObj'}->CorrespondAddress =~ /^$Address$/i );
-        next if ( $args{'QueueObj'}->CommentAddress    =~ /^$Address$/i );
+        next if ( lc $args{'CurrentUser'}->EmailAddress   eq lc $Address );
+        next if ( lc $args{'QueueObj'}->CorrespondAddress eq lc $Address );
+        next if ( lc $args{'QueueObj'}->CommentAddress    eq lc $Address );
         next if ( IsRTAddress($Address) );
 
         push ( @Addresses, $Address );

Modified: rt/branches/3.2-RELEASE/lib/RT/Queue_Overlay.pm
==============================================================================
--- rt/branches/3.2-RELEASE/lib/RT/Queue_Overlay.pm	(original)
+++ rt/branches/3.2-RELEASE/lib/RT/Queue_Overlay.pm	Thu Jun 16 04:29:14 2005
@@ -232,7 +232,7 @@
     my $self  = shift;
     my $value = shift;
 
-    my $retval = grep ( /^$value$/, $self->StatusArray );
+    my $retval = grep ( $_ eq $value, $self->StatusArray );
     return ($retval);
 
 }
@@ -257,7 +257,7 @@
     my $self  = shift;
     my $value = shift;
 
-    my $retval = grep ( /^$value$/, $self->ActiveStatusArray );
+    my $retval = grep ( $_ eq $value, $self->ActiveStatusArray );
     return ($retval);
 
 }
@@ -282,7 +282,7 @@
     my $self  = shift;
     my $value = shift;
 
-    my $retval = grep ( /^$value$/, $self->InactiveStatusArray );
+    my $retval = grep ( $_ eq $value, $self->InactiveStatusArray );
     return ($retval);
 
 }