Barry Warsaw pushed to branch master at mailman / Mailman
Commits: f0ec0cf2 by Mark Sapiro at 2016-07-17T15:49:49+00:00 Improve email.Validator.is_valid() to be more compliant with RFC 5321. - - - - - fe27f983 by Mark Sapiro at 2016-07-17T15:49:49+00:00 Update NEWS.rst for fix to #266 - - - - - a3e6f595 by Mark Sapiro at 2016-07-17T15:49:49+00:00 Added blank line. - - - - - 2 changed files: - src/mailman/docs/NEWS.rst - src/mailman/email/validate.py Changes: ===================================== src/mailman/docs/NEWS.rst ===================================== --- a/src/mailman/docs/NEWS.rst +++ b/src/mailman/docs/NEWS.rst @@ -85,6 +85,7 @@ Bugs multipart/digest subpart. (Closes #234) * Nonmember subscriptions are removed when one of the addresses controlled by a user is subscribed as a member. Given by Aditya Divekar. (Closes #237) + * Email address validation is now more compliant with RFC 5321. (Closes #266) Configuration ------------- ===================================== src/mailman/email/validate.py ===================================== --- a/src/mailman/email/validate.py +++ b/src/mailman/email/validate.py @@ -27,7 +27,11 @@ from zope.interface import implementer # What other characters should be disallowed? -_badchars = re.compile(r'[][()<>|;^,\000-\037\177-\377]') +_badchars = re.compile(r'[][()<>|:;^,\\"\000-\037\177-\377]') +# Strictly speaking, some of the above are allowed in quoted local parts, but +# this can open the door to certain web exploits so we don't allow them. +_valid_domain = re.compile('[-a-z0-9]', re.IGNORECASE) +# These are the only characters allowed in domain parts. @public @@ -39,7 +43,7 @@ class Validator: """See `IEmailValidator`.""" if not email or ' ' in email: return False - if _badchars.search(email) or email[0] == '-': + if _badchars.search(email): return False user, domain_parts = split_email(email) # Local, unqualified addresses are not allowed. 
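Review bot: `_valid_domain` in the first validate.py hunk accepts more than the ASCII letters its comment promises. For a str pattern under Python 3, `re.IGNORECASE` without `re.ASCII` lets `[a-z]` also match a few non-ASCII letters (U+0130, U+0131, U+017F and U+212A per the `re` documentation), and `_badchars` stops at `\377`, so those code points reach the domain check unfiltered. Compiling it as `_valid_domain = re.compile('[-a-z0-9]', re.IGNORECASE | re.ASCII)`, or spelling out `[-a-zA-Z0-9]` with no flag, keeps domain labels strictly letters, digits and hyphen and closes a look-alike-domain gap. The same `\177-\377` upper bound means characters above U+00FF still appear to be accepted in the local part; whether that is intended is not visible from this hunk.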
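Review bot: Dropping `or email[0] == '-'` in `is_valid()` means an address whose local part starts with `-` now validates, and the per-label test added later in this commit only covers the domain. That is legal under RFC 5321, but if any caller hands validated addresses to an external program as command-line arguments (not visible from this page), the old test may have been the only thing keeping an address from being read as an option. A comment at the check would record the decision, e.g. `# A leading '-' in the local part is valid; never pass addresses as bare argv.` The body of `is_valid()` starts and ends outside this hunk.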
@@ -47,6 +51,9 @@ class Validator:
 return False
 if len(domain_parts) < 2:
 return False
+ for p in domain_parts:
+ if len(p) == 0 or p[0] == '-' or len(_valid_domain.sub('', p)) > 0:
+ return False
 return True
 def validate(self, email):
View it on GitLab: https://gitlab.com/mailman/mailman/compare/2eae426742d02bfac617429d3d207d4b1ce98137...a3e6f5952f262557d7279cad372d2f4f532d9b36
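Review bot: The per-label test in the new loop rejects empty labels and a leading `-` but not a trailing one, and it puts no bound on label length. A domain such as `example-.com` (constructed example) or a label longer than 63 octets therefore still validates, even though RFC 5321's `sub-domain` grammar requires a label to end in a letter or digit and RFC 1035 caps labels at 63 octets. Adding `or p[-1] == '-' or len(p) > 63` to the condition covers both. `len(_valid_domain.sub('', p)) > 0` would also read more directly as a whole-label match. `is_valid()` begins above this hunk.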