diff options
author | tkikuchi <> | 2004-10-09 04:15:41 +0000 |
---|---|---|
committer | tkikuchi <> | 2004-10-09 04:15:41 +0000 |
commit | 6b02d74dfcfd74994f14dd89b79cfd62a394c788 (patch) | |
tree | 9382ef79d0257e831a06526867528ba336f1fe06 /Mailman | |
parent | c4a3e8e0b833d51da0d5e1b19a3eab0d3805ec5d (diff) | |
download | mailman2-6b02d74dfcfd74994f14dd89b79cfd62a394c788.tar.gz mailman2-6b02d74dfcfd74994f14dd89b79cfd62a394c788.tar.xz mailman2-6b02d74dfcfd74994f14dd89b79cfd62a394c788.zip |
[ 1030228 ] Mass Subscribe address with control character - can't delete
Also, '/' can be used now.
Diffstat (limited to 'Mailman')
-rw-r--r-- | Mailman/SecurityManager.py | 2 | ||||
-rw-r--r-- | Mailman/Utils.py | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/Mailman/SecurityManager.py b/Mailman/SecurityManager.py index 4ebb1fcd..b8707c1d 100644 --- a/Mailman/SecurityManager.py +++ b/Mailman/SecurityManager.py @@ -103,7 +103,7 @@ class SecurityManager: # A bad system error raise TypeError, 'No user supplied for AuthUser context' secret = self.getMemberPassword(user) - key += 'user+%s' % Utils.ObscureEmail(user) + key += 'user+%s' % Utils.ObscureEmail(user).replace('/','%2f') elif authcontext == mm_cfg.AuthListModerator: secret = self.mod_password key += 'moderator' diff --git a/Mailman/Utils.py b/Mailman/Utils.py index dda90354..03575998 100644 --- a/Mailman/Utils.py +++ b/Mailman/Utils.py @@ -199,7 +199,7 @@ def LCDomain(addr): # TBD: what other characters should be disallowed? -_badchars = re.compile(r'[][()<>|;^,/\200-\377]') +_badchars = re.compile(r'[][()<>|;^,\000-\037\177-\377]') def ValidateEmail(s): """Verify that the an email address isn't grossly evil.""" |