
[dw-free] Incorrect invite-code regex in htdocs/create.bml

[commit: http://hg.dwscoalition.org/dw-free/rev/d7a8c576d5e4]

http://bugs.dwscoalition.org/show_bug.cgi?id=351

Add DW::InviteCodes::could_be_code.

Patch by [personal profile] janinedog.

Files modified:
  • cgi-bin/DW/InviteCodes.pm
--------------------------------------------------------------------------------
diff -r eae6da291a54 -r d7a8c576d5e4 cgi-bin/DW/InviteCodes.pm
--- a/cgi-bin/DW/InviteCodes.pm	Fri Mar 06 07:52:58 2009 +0000
+++ b/cgi-bin/DW/InviteCodes.pm	Fri Mar 06 08:04:37 2009 +0000
@@ -95,6 +95,28 @@ sub generate {
     return @invitecodes;
 }
 
+=head2 C<< $class->could_be_code( string => $string ) >>
+
+Checks whether $string could possibly be a code. It makes sure that it only
+contains DIGITS and is CODE_LEN long.
+
+=cut
+
+sub could_be_code {
+    my ( $class, %opts ) = @_;
+
+    my $string = uc $opts{string};
+    return 0 unless length $string == CODE_LEN;
+
+    my %valid_digits = map { $_ => 1 } DIGITS;
+    my @string_array = split( //, $string );
+    foreach my $char ( @string_array ) {
+        return 0 unless $valid_digits{$char};
+    }
+
+    return 1;
+}
+
 =head2 C<< $class->check_code( code => $invite [, userid => $recipient] ) >>
 
 Checks whether code $invite is valid before trying to create an account. Takes
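Review bot: `my $string = uc $opts{string};` at the top of could_be_code warns "Use of uninitialized value" when the caller passes no string, and check_code now forwards `$opts{code}` unconditionally, so a request with the code field missing will log that warning instead of quietly returning 0; guard it with `my $string = uc( defined $opts{string} ? $opts{string} : '' );`. The POD above the sub should also state that the check is case-insensitive, since the string is uppercased before the DIGITS lookup, e.g. `The comparison is case-insensitive: $string is uppercased before each character is checked against DIGITS.` Whether DIGITS itself contains only uppercase characters is not visible in this hunk; if it does not, the uc() would wrongly reject valid lowercase members of DIGITS.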
@@ -107,7 +129,7 @@ sub check_code {
     my ($class, %opts) = @_;
     my $dbh = LJ::get_db_writer();
 
-    return 0 unless ( length( $opts{code} ) == CODE_LEN );
+    return 0 unless $class->could_be_code( string => $opts{code} );
 
     my ($acid, $auth) = $class->decode( $opts{code} );
     my $ac = $dbh->selectrow_hashref( "SELECT userid, rcptid, auth " .
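Review bot: The new guard on the replaced line validates `$opts{code}` case-insensitively (could_be_code uppercases its input), but the very next statement still hands the un-normalized `$opts{code}` to `$class->decode`. The later comparison `uc($ac->{auth}) eq $auth` suggests decode already returns uppercase, so this is presumably fine, but it would be more robust to normalize once at the boundary: `my ($acid, $auth) = $class->decode( uc $opts{code} );`. check_code continues outside this hunk, including the SQL built by concatenation on the last visible line, so the rest of the query could not be reviewed here.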
@@ -117,7 +139,8 @@ sub check_code {
     # invalid account code
     return 0 unless ( $ac && uc($ac->{auth}) eq $auth );
     # code has already been used
-    return 0 if ( $ac->{rcptid} && $ac->{rcptid} != $opts{userid} );
+    my $userid = $opts{userid} || 0;
+    return 0 if ( $ac->{rcptid} && $ac->{rcptid} != $userid );
 
     # is the inviter suspended?
     my $u = LJ::load_userid( $ac->{userid} );
--------------------------------------------------------------------------------
