2.1] Rev 1084: Changed Utils.ValidateEmail to not allow specials (particularly ':')

noreply Wed, 07 May 2008 21:07:05 -0700

------------------------------------------------------------
revno: 1084
committer: Mark Sapiro <[EMAIL PROTECTED]>
branch nick: 2.1
timestamp: Wed 2008-05-07 20:46:19 -0700
message:
  Changed Utils.ValidateEmail to not allow specials (particularly ':')
  in unquoted local parts (SF bug # 1956393).
modified:
  Mailman/Utils.py
  NEWS


=== modified file 'Mailman/Utils.py'
--- a/Mailman/Utils.py  2007-12-04 19:52:18 +0000
+++ b/Mailman/Utils.py  2008-05-08 03:46:19 +0000
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2007 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2008 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -203,6 +203,9 @@
 
 # TBD: what other characters should be disallowed?
 _badchars = re.compile(r'[][()<>|;^,\000-\037\177-\377]')
+# characters in addition to _badchars which are not allowed in
+# unquoted local parts.
+_specials = re.compile(r'[:\\"]')
 
 def ValidateEmail(s):
     """Verify that an email address isn't grossly evil."""
@@ -212,11 +215,15 @@
     if _badchars.search(s) or s[0] == '-':
         raise Errors.MMHostileAddress, s
     user, domain_parts = ParseEmail(s)
-    # This means local, unqualified addresses, are no allowed
+    # This means local, unqualified addresses, are not allowed
     if not domain_parts:
         raise Errors.MMBadEmailError, s
     if len(domain_parts) < 2:
         raise Errors.MMBadEmailError, s
+    if not (user.startswith('"') and user.endswith('"')):
+        # local part is not quoted so it can't contain specials
+        if _specials.search(user):
+            raise Errors.MMBadEmailError, s
 
 
 

=== modified file 'NEWS'
--- a/NEWS      2008-04-28 17:59:50 +0000
+++ b/NEWS      2008-05-08 03:46:19 +0000
@@ -20,6 +20,9 @@
       templates/xx to lists/xx if a list has the same name as a language
       code.  Also fixed the absolute path to lists/ (1418670 ).
 
+    - Changed Utils.ValidateEmail to not allow specials (particularly ':')
+      in unquoted local parts (1956393).
+
 2.1.10 (21-Apr-2008)
 
   Security



--
Stable, maintained release series
https://code.launchpad.net/~mailman-coders/mailman/2.1

You are receiving this branch notification because you are subscribed to it.
_______________________________________________
Mailman-checkins mailing list
[email protected]
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-checkins/archive%40jab.org

[Mailman-checkins] [Branch ~mailman-coders/mailman/2.1] Rev 1084: Changed Utils.ValidateEmail to not allow specials (particularly ':')

Reply via email to