This should work against the standard source code in debian roy ---
diff -urN sympa-6.2.70~dfsg-1/src/cgi/wwsympa.fcgi.in sympa-6.2.70~dfsg-2/src/cgi/wwsympa.fcgi.in
--- sympa-6.2.70~dfsg-1/src/cgi/wwsympa.fcgi.in 2025-01-08 15:09:05.000000000 +0100
+++ sympa-6.2.70~dfsg-2/src/cgi/wwsympa.fcgi.in 2025-01-08 15:23:25.429883808 +0100
@@ -3352,7 +3352,13 @@
 # If contacted via POST, then redirect the user to the URL for the
 # access control to apply.
- if ($ENV{'REQUEST_METHOD'} eq 'POST') {
+ unless (
+ 'GET' eq $ENV{REQUEST_METHOD}
+ and 0 == index(
+ $ENV{PATH_INFO} . '/',
+ "/sso_login/$in{'auth_service_name'}/"
+ )
+ ) {
 my @paths;
 my $service;
@@ -3431,7 +3437,8 @@
 return 1;
 }
- if (defined($in{'email'}) and !($in{'subaction'} eq 'init')) {
+ if (Sympa::Tools::Text::valid_email($in{'email'})
+ and $in{'subaction'} eq 'validateemail') {
 $email = $in{'email'};
 }
@@ -3443,7 +3450,7 @@
 ## Replace sendpassword with one time ticket
 $param->{'one_time_ticket'} = Sympa::Ticket::create(
- $in{'email'},
+ $email,
 $robot,
 'sso_login/confirmemail?auth_service_name='
 . $in{'auth_service_name'},
@@ -3470,7 +3477,7 @@
 # Check input parameters and verify ticket for email, stolen
 # from do_login()
 #
- unless ($in{'email'}) {
+ unless (Sympa::Tools::Text::valid_email($in{'email'})) {
 add_stash('user', 'no_email');
 wwslog('info', 'No email');
 web_db_log(
-- Roy Sigurd Karlsbakk r...@karlsbakk.net +47 9801 3356 -- I all pedagogikk er det essensielt at pensum presenteres intelligibelt. Det er et elementært imperativ for alle pedagoger å unngå eksessiv anvendelse av idiomer med xenotyp etymologi. I de fleste tilfeller eksisterer adekvate og relevante synonymer på norsk.
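Review bot: The context comment above the new `unless` in the `@@ -3352` hunk still reads "If contacted via POST", but the condition now redirects every request that is not a GET on the service's own `/sso_login/<auth_service_name>` path, so the comment no longer describes the check. I would reword it along the lines of `# Unless this is a GET on /sso_login/<auth_service_name> itself, redirect` / `# the user to that URL for the access control to apply.`, and note there that the appended `/` stops a service name from matching as a mere prefix of a longer path segment. Separately, `$ENV{PATH_INFO}` is concatenated without a defined-check, which may raise an uninitialized-value warning on a request with no path info if warnings are enabled in this file; `($ENV{PATH_INFO} // '') . '/'` avoids that without changing the outcome. The body of the block continues outside the hunk.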
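Review bot: When the address fails `valid_email()` or `subaction` is anything other than `validateemail`, the new `if` in the `@@ -3431` hunk does not assign `$email` and reports nothing, and the `@@ -3443` hunk then passes `$email` to `Sympa::Ticket::create()`. The lines between the two hunks are not shown, so this may already be guarded; if it is not, a one-time ticket would be requested for an undefined address. An explicit rejection before the ticket is built would make the failure visible, for example `unless (defined $email) { add_stash('user', 'no_email'); wwslog('info', 'No valid email'); return undef; }`, with the return adapted to however this function signals failure. `$in{'subaction'}` is also compared with `eq` without a defined-check, which may warn when the parameter is absent; `($in{'subaction'} // '') eq 'validateemail'` gives the same result.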
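Review bot: A malformed address is now rejected on this branch of the `@@ -3470` hunk, but it is still stashed as `no_email` and logged as `'No email'`, so the log cannot tell a missing parameter from a rejected one. Consider `wwslog('info', 'Missing or invalid email');` so that rejected input is identifiable when triaging SSO confirmation failures; the submitted value itself is better left out of the log line. The `web_db_log(` call and the rest of the block lie outside the hunk.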