Tokio Kikuchi wrote: >Hi, > >Mark Sapiro wrote: > >> Thus, it would seem as a practical matter, Mailman should not accept >> for subscription any address containing any characters in the ranges >> \000-\037 and \177-\377. Thus I suggest the following, totally >> untested change: >> >> --- mailman-2.1.5/Mailman/Utils.py 2003-12-26 14:50:04.000000000 >> -0800 >> +++ mailman-mas/Mailman/Utils.py 2004-09-19 12:49:30.000000000 >> -0700 >> @@ -198,7 +198,7 @@ >> >> >> # TBD: what other characters should be disallowed? >> -_badchars = re.compile(r'[][()<>|;^,/\200-\377]') >> +_badchars = re.compile(r'[][()<>|;^,/\000-\037\177-\377]') >> >> def ValidateEmail(s): >> """Verify that the an email address isn't grossly evil.""" > >This patch looks reasonable and will be merged in CVS soon. Also, I >wonder if '/' should be removed from this list. It is X.400 char >and long have been asked for allowing. My test with postfix looks >like to accept at least in aliases and testing with mailman options >interface looks OK. (although a little bit uneasy because mailman cgi >separates command options with '/' character.) >
I would be more than a bit uneasy about removing the '/' from this list for just that reason. Removing it would allow an address with a '/' to be subscribed or at least to pass this test before being subscribed. The problem that comes immediately to mind is what happens to the links to the user's options page which are of the form http://server/mailman/options/listname/user--at--domain or http://server/mailman/options/listname/[EMAIL PROTECTED] when user contains a '/'? My gut feeling is that allowing the '/' would involve a lot more work than just removing it from the _badchars list. -- Mark Sapiro <[EMAIL PROTECTED]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
