[dw-free] Incorrect invite-code regex in htdocs/create.bml
[commit: http://hg.dwscoalition.org/dw-free/rev/d7a8c576d5e4]
http://bugs.dwscoalition.org/show_bug.cgi?id=351
Add DW::InviteCodes::could_be_code.
Patch by
janinedog.
Files modified:
- cgi-bin/DW/InviteCodes.pm
--------------------------------------------------------------------------------
diff -r eae6da291a54 -r d7a8c576d5e4 cgi-bin/DW/InviteCodes.pm
--- a/cgi-bin/DW/InviteCodes.pm Fri Mar 06 07:52:58 2009 +0000
+++ b/cgi-bin/DW/InviteCodes.pm Fri Mar 06 08:04:37 2009 +0000
@@ -95,6 +95,28 @@ sub generate {
 return @invitecodes;
 }
+=head2 C<< $class->could_be_code( string => $string ) >>
+
+Checks whether $string could possibly be a code. It makes sure that it only
+contains DIGITS and is CODE_LEN long.
+
+=cut
+
+sub could_be_code {
+ my ( $class, %opts ) = @_;
+
+ my $string = uc $opts{string};
+ return 0 unless length $string == CODE_LEN;
+
+ my %valid_digits = map { $_ => 1 } DIGITS;
+ my @string_array = split( //, $string );
+ foreach my $char ( @string_array ) {
+ return 0 unless $valid_digits{$char};
+ }
+
+ return 1;
+}
+
 =head2 C<< $class->check_code( code => $invite [, userid => $recipient] ) >>
 Checks whether code $invite is valid before trying to create an account. Takes
@@ -107,7 +129,7 @@ sub check_code {
 my ($class, %opts) = @_;
 my $dbh = LJ::get_db_writer();
- return 0 unless ( length( $opts{code} ) == CODE_LEN );
+ return 0 unless $class->could_be_code( string => $opts{code} );
 my ($acid, $auth) = $class->decode( $opts{code} );
 my $ac = $dbh->selectrow_hashref( "SELECT userid, rcptid, auth " .
@@ -117,7 +139,8 @@ sub check_code {
 # invalid account code
 return 0 unless ( $ac && uc($ac->{auth}) eq $auth );
 # code has already been used
- return 0 if ( $ac->{rcptid} && $ac->{rcptid} != $opts{userid} );
+ my $userid = $opts{userid} || 0;
+ return 0 if ( $ac->{rcptid} && $ac->{rcptid} != $userid );
 # is the inviter suspended?
 my $u = LJ::load_userid( $ac->{userid} );
--------------------------------------------------------------------------------
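Review bot: In could_be_code, `uc $opts{string}` runs before any definedness check, so a call without a `string` key upper-cases undef and is only rejected by the length test, with an uninitialized-value warning if warnings are enabled in this file (not visible here). check_code forwards `$opts{code}` unchecked, so a request that carries no code at all reaches this path. A guard as the first statement, `return 0 unless defined $opts{string};`, makes the rejection explicit. The POD should also state that the check is case-insensitive, because the string is upper-cased before it is compared with DIGITS; as written it reads as if lower-case input were refused.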
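Review bot: The value validated in check_code is not the value used: could_be_code upper-cases a private copy, so a lower-case code passes the new check, but the following context line still hands the raw `$opts{code}` to `decode`. Whether decode normalises case is not visible in this hunk; if it does not, a code typed in lower case passes validation and then fails the `uc($ac->{auth}) eq $auth` comparison, which fails closed but for a misleading reason. Normalising once at the top of check_code, `my $code = uc( defined $opts{code} ? $opts{code} : '' );`, and passing `$code` to both could_be_code and decode keeps validation and lookup on the same string. check_code's body starts and ends outside the hunk.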
Something like DIGIT_REGEX = qr/^[ABCDEFGHJKLMNPQRSTUVWXYZ23456789]+$/?
Then you'd only have one "regex match" Perl op rather than a foreach loop with hash lookups for each character, which should be faster.