authorMark Sapiro <mark@msapiro.net>2013-06-07 13:52:54 -0700
committerMark Sapiro <mark@msapiro.net>2013-06-07 13:52:54 -0700
commit1c59d01e49d944bcffccd2154a1e8ec9f3175874 (patch)
tree058616cc93b6c320313d7f2e195e71603e3dba97
parent41072c693aa53a0072963119c8cf7919096eaad5 (diff)
- It is no longer possible to add 'invalid' addresses to the ban_list
and the *_these_nonmembers filters from the check boxes on the admindb interface. (LP: #1187201)
-rw-r--r--Mailman/Cgi/admindb.py54
-rwxr-xr-xNEWS40
2 files changed, 61 insertions, 33 deletions
diff --git a/Mailman/Cgi/admindb.py b/Mailman/Cgi/admindb.py
index dcca1389..8b73ae8d 100644
--- a/Mailman/Cgi/admindb.py
+++ b/Mailman/Cgi/admindb.py
@@ -710,6 +710,7 @@ def show_post_requests(mlist, id, info, total, count, form):
def process_form(mlist, doc, cgidata):
senderactions = {}
+ badaddrs = []
# Sender-centric actions
for k in cgidata.keys():
for prefix in ('senderaction-', 'senderpreserve-', 'senderforward-',
@@ -762,20 +763,27 @@ def process_form(mlist, doc, cgidata):
# Now see if this sender should be added to one of the nonmember
# sender filters.
if actions.get('senderfilterp', 0):
+ # Check for an invalid sender address.
try:
- which = int(actions.get('senderfilter'))
- except ValueError:
- # Bogus form
- which = 'ignore'
- if which == mm_cfg.ACCEPT:
- mlist.accept_these_nonmembers.append(sender)
- elif which == mm_cfg.HOLD:
- mlist.hold_these_nonmembers.append(sender)
- elif which == mm_cfg.REJECT:
- mlist.reject_these_nonmembers.append(sender)
- elif which == mm_cfg.DISCARD:
- mlist.discard_these_nonmembers.append(sender)
- # Otherwise, it's a bogus form, so ignore it
+ Utils.ValidateEmail(sender)
+ except Errors.EmailAddressError:
+ # Don't check for dups. Report it once for each checked box.
+ badaddrs.append(sender)
+ else:
+ try:
+ which = int(actions.get('senderfilter'))
+ except ValueError:
+ # Bogus form
+ which = 'ignore'
+ if which == mm_cfg.ACCEPT:
+ mlist.accept_these_nonmembers.append(sender)
+ elif which == mm_cfg.HOLD:
+ mlist.hold_these_nonmembers.append(sender)
+ elif which == mm_cfg.REJECT:
+ mlist.reject_these_nonmembers.append(sender)
+ elif which == mm_cfg.DISCARD:
+ mlist.discard_these_nonmembers.append(sender)
+ # Otherwise, it's a bogus form, so ignore it
# And now see if we're to clear the member's moderation flag.
if actions.get('senderclearmodp', 0):
try:
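Review bot: In the new `else:` branch, `int(actions.get('senderfilter'))` is still guarded only by `except ValueError:`. If the `senderfilter` field is missing from the submitted form, `actions.get` returns None and `int(None)` raises TypeError, which escapes the "Bogus form" fallback. Since the block is being re-indented anyway, `except (ValueError, TypeError):` would cover that case. How `actions` is populated lies outside this hunk, so confirm against the loop at the top of process_form whether a missing or repeated field can actually occur. The same `Utils.ValidateEmail(sender)` wrapper is repeated in the `senderbanp` hunk below; validating once per sender before both check-box branches would remove the duplication, though the address would then be reported once rather than once per box.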
@@ -785,8 +793,15 @@ def process_form(mlist, doc, cgidata):
pass
# And should this address be banned?
if actions.get('senderbanp', 0):
- if sender not in mlist.ban_list:
- mlist.ban_list.append(sender)
+ # Check for an invalid sender address.
+ try:
+ Utils.ValidateEmail(sender)
+ except Errors.EmailAddressError:
+ # Don't check for dups. Report it once for each checked box.
+ badaddrs.append(sender)
+ else:
+ if sender not in mlist.ban_list:
+ mlist.ban_list.append(sender)
# Now, do message specific actions
banaddrs = []
erroraddrs = []
@@ -836,6 +851,8 @@ def process_form(mlist, doc, cgidata):
if cgidata.getvalue(bankey):
sender = mlist.GetRecord(request_id)[1]
if sender not in mlist.ban_list:
+ # We don't need to validate the sender. An invalid address
+ # can't get here.
mlist.ban_list.append(sender)
# Handle the request id
try:
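Review bot: The added comment says an invalid address cannot reach `mlist.ban_list.append(sender)`, but nothing visible in this hunk enforces that. Here `sender` is read back from `mlist.GetRecord(request_id)[1]`, which is stored request data. Either extend the comment to name the place where the address is checked before the record is created, or apply the same `Utils.ValidateEmail(sender)` / `badaddrs.append(sender)` guard used in the two sender-centric branches, so that all three writes to the list's filters are checked the same way. process_form starts and ends outside this hunk.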
@@ -854,7 +871,14 @@ def process_form(mlist, doc, cgidata):
doc.AddItem(Header(2, _('Database Updated...')))
if erroraddrs:
for addr in erroraddrs:
+ addr = Utils.websafe(addr)
doc.AddItem(`addr` + _(' is already a member') + '<br>')
if banaddrs:
for addr, patt in banaddrs:
+ addr = Utils.websafe(addr)
doc.AddItem(_('%(addr)s is banned (matched: %(patt)s)') + '<br>')
+ if badaddrs:
+ for addr in badaddrs:
+ addr = Utils.websafe(addr)
+ doc.AddItem(`addr` + ': ' + _('Bad/Invalid email address') +
+ '<br>')
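Review bot: In the `banaddrs` loop only `addr` is passed through `Utils.websafe`, while `patt` is interpolated unescaped into the same HTML string by `_('%(addr)s is banned (matched: %(patt)s)')`. The pattern presumably comes from the list's ban_list, whose entries can contain `<`, `>` or `&`, so it should get the same treatment: add `patt = Utils.websafe(patt)` directly after the `addr = Utils.websafe(addr)` line in that loop. The other two loops emit only `addr` and are covered by the change.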
diff --git a/NEWS b/NEWS
index a58cbee6..15e77e9b 100755
--- a/NEWS
+++ b/NEWS
@@ -11,7 +11,7 @@ Here is a history of user visible changes to Mailman.
- Setting digest_size_threshhold to zero now means no digests will be
sent based on size instead of a digest being sent with every post.
- (LP: 558274)
+ (LP: #558274)
- There is a new mm_cfg.py setting SUBSCRIBE_FORM_SECRET which will put
a dynamically generated, hidden hash in the listinfo subscribe form and
@@ -21,24 +21,24 @@ Here is a history of user visible changes to Mailman.
submitted no later than FORM_LIFETIME nor no earlier than
SUBSCRIBE_FORM_MIN_TIME after retrieval. Note that enabling this will
break any static subscribe forms on your site. See the description in
- Defaults.py for more info. (LP: 1082746)
+ Defaults.py for more info. (LP: #1082746)
- add_members now has an option to add members with mail delivery disabled
- by admin. (LP: 1070574)
+ by admin. (LP: #1070574)
- IncomingRunner now logs rejected messages to the vette log.
- (LP: 1068837)
+ (LP: #1068837)
- The name of the mailmanctl master lock file is now congigurable via the
- mm_cfg.py setting MASTER_LOCK_FILE. (LP: 1082308)
+ mm_cfg.py setting MASTER_LOCK_FILE. (LP: #1082308)
- list_lists now has an option to list only lists with public archives.
- (LP: 1082711)
+ (LP: #1082711)
Contributed programs
- A new import_majordomo_into_mailman.pl script has been contributed by
- Geoff Mayes. (LP: 1129742)
+ Geoff Mayes. (LP: #1129742)
- A new "sitemap" bash script has been contributed by Tomasz Chmielewski
<mangoo@wpkg.org> to generate a sitemap.xml file of an installation's
@@ -50,10 +50,10 @@ Here is a history of user visible changes to Mailman.
Mahyar Moghimi.
- Fixed several misspelled or garbled string replacements in the Spanish
- message catalog. (LP: 1160138)
+ message catalog. (LP: #1160138)
- pt_BR message catalog has two new and an updated message per Hugo Koji
- Kobayashi. (LP: 1138578)
+ Kobayashi. (LP: #1138578)
- German message catalog has been updated per Ralf Hildebrandt.
@@ -61,38 +61,42 @@ Here is a history of user visible changes to Mailman.
Bug Fixes and other patches
+ - It is no longer possible to add 'invalid' addresses to the ban_list
+ and the *_these_nonmembers filters from the check boxes on the admindb
+ interface. (LP: #1187201)
+
- Backported recognition for mail.ru DSNs and minor bug fixes from
lp:flufl.bounce. (LP: #1074592, LP: #1079249 and #1079254)
- Defended against buggy web servers that don't include an empty
- QUERY_STRING in the CGI environment. (LP: 1160647)
+ QUERY_STRING in the CGI environment. (LP: #1160647)
- The Switchboard.finish() method now logs the text of the exception when
- it fails to unlink/preserve a .bak file. (LP: 1165589)
+ it fails to unlink/preserve a .bak file. (LP: #1165589)
- The pending (un)subscriptions waiting approval are now sorted by email
- address in the admindb interface as intended. (LP: 1164160)
+ address in the admindb interface as intended. (LP: #1164160)
- The subscribe log entry for a bin/add_members subscribe now identifies
- bin/add_members as the source. (LP: 1161642)
+ bin/add_members as the source. (LP: #1161642)
- Fixed a bug where the Subject: of the user notification of a
bin/remove_members unsubscribe was not in the user's language.
- (LP: 1161445)
+ (LP: #1161445)
- Fixed a bug where BounceRunner could create and leave behind zero length
- bounce-events files. (LP: 1161610)
+ bounce-events files. (LP: #1161610)
- Added recognition for another Yahoo bounce format. LP: #1157961
- Changed configure's method for getting Python's include directory from
distutils.sysconfig.get_config_var('CONFINCLUDEPY') to
- distutils.sysconfig.get_python_inc(). (LP: 1098162)
+ distutils.sysconfig.get_python_inc(). (LP: #1098162)
- - Added an Auto-Generated: header to password reminders. (LP: 558240)
+ - Added an Auto-Generated: header to password reminders. (LP: #558240)
- Fixed a bug where non-ascii characters in the real name in a subscription
request could throw a UnicodeEncodeError upon subscription approval and
- perhaps in other situations too. (LP: 1047100)
+ perhaps in other situations too. (LP: #1047100)
- The query fragments send_unsub_notifications_to_list_owner and
send_unsub_ack_to_this_batch will now assume default values if not set