From 5cd4000e9f8157e13bba8ff146249aed50a7cb02 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Fri, 6 Dec 2013 17:19:28 -0800 Subject: Fixed email address validation to do a bit better in obscure cases. --- Mailman/Utils.py | 7 ++++--- NEWS | 3 +++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Mailman/Utils.py b/Mailman/Utils.py index 93e1fba1..0a20423a 100644 --- a/Mailman/Utils.py +++ b/Mailman/Utils.py @@ -1,4 +1,4 @@ -# Copyright (C) 1998-2011 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2013 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -223,7 +223,7 @@ def ValidateEmail(s): # Pretty minimal, cheesy check. We could do better... if not s or s.count(' ') > 0: raise Errors.MMBadEmailError - if _badchars.search(s) or s[0] == '-': + if _badchars.search(s): raise Errors.MMHostileAddress, s user, domain_parts = ParseEmail(s) # This means local, unqualified addresses, are not allowed @@ -232,8 +232,9 @@ def ValidateEmail(s): if len(domain_parts) < 2: raise Errors.MMBadEmailError, s # domain parts may only contain ascii letters, digits and hyphen + # and must not begin with hyphen. for p in domain_parts: - if len(_valid_domain.sub('', p)) > 0: + if len(p) == 0 or p[0] == '-' or len(_valid_domain.sub('', p)) > 0: raise Errors.MMHostileAddress, s diff --git a/NEWS b/NEWS index 170be23a..2a9ba15a 100755 --- a/NEWS +++ b/NEWS @@ -9,6 +9,9 @@ Here is a history of user visible changes to Mailman. Bug Fixes and other patches + - Fixed email address validation to do a bit better in obscure cases. + (LP: #1258703) + - Fixed a bug which caused some authentication cookies to expire too soon if AUTHENTICATION_COOKIE_LIFETIME is non-zero. (LP: #1257112) -- cgit v1.2.3