From 5cd4000e9f8157e13bba8ff146249aed50a7cb02 Mon Sep 17 00:00:00 2001
From: Mark Sapiro <msapiro@value.net>
Date: Fri, 6 Dec 2013 17:19:28 -0800
Subject: Fixed email address validation to do a bit better in obscure cases.

---
 Mailman/Utils.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'Mailman')

diff --git a/Mailman/Utils.py b/Mailman/Utils.py
index 93e1fba1..0a20423a 100644
--- a/Mailman/Utils.py
+++ b/Mailman/Utils.py
@@ -1,4 +1,4 @@
-# Copyright (C) 1998-2011 by the Free Software Foundation, Inc.
+# Copyright (C) 1998-2013 by the Free Software Foundation, Inc.
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
@@ -223,7 +223,7 @@ def ValidateEmail(s):
     # Pretty minimal, cheesy check.  We could do better...
     if not s or s.count(' ') > 0:
         raise Errors.MMBadEmailError
-    if _badchars.search(s) or s[0] == '-':
+    if _badchars.search(s):
         raise Errors.MMHostileAddress, s
     user, domain_parts = ParseEmail(s)
     # This means local, unqualified addresses, are not allowed
@@ -232,8 +232,9 @@ def ValidateEmail(s):
     if len(domain_parts) < 2:
         raise Errors.MMBadEmailError, s
     # domain parts may only contain ascii letters, digits and hyphen
+    # and must not begin with hyphen.
     for p in domain_parts:
-        if len(_valid_domain.sub('', p)) > 0:
+        if len(p) == 0 or p[0] == '-' or len(_valid_domain.sub('', p)) > 0:
             raise Errors.MMHostileAddress, s
 
 
-- 
cgit v1.2.3