[CMF-checkins] CVS: CMF/CMFDefault - RegistrationTool.py:1.19.10.5

Tres Seaver tseaver at zope.com
Tue Jun 1 13:18:02 EDT 2004


Update of /cvs-repository/CMF/CMFDefault
In directory cvs.zope.org:/tmp/cvs-serv7992/CMFDefault

Modified Files:
      Tag: CMF-1_4-branch
	RegistrationTool.py 
Log Message:


 - Further hardening of member property, 'email', to prevent trickier
   header injection into system-generated e-mails (Collector #243 redux).



=== CMF/CMFDefault/RegistrationTool.py 1.19.10.4 => 1.19.10.5 ===
--- CMF/CMFDefault/RegistrationTool.py:1.19.10.4	Fri May 14 17:44:13 2004
+++ CMF/CMFDefault/RegistrationTool.py	Tue Jun  1 13:18:00 2004
@@ -113,9 +113,18 @@
                 return 'You must enter a valid email address.'
 
         else: # Existing member.
+            email = props.get('email')
+
+            if email is not None:
+
+                ok, message =  _checkEmail( email )
+                if not ok:
+                    return 'You must enter a valid email address.'
+
             # Not allowed to clear an existing non-empty email.
-            if (member.getProperty('email') and
-                not props.get('email', 'NoPropIsOk')):
+            existing = member.getProperty('email')
+            
+            if existing and email == '':
                 return 'You must enter a valid email address.'
 
         return None
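Review bot: In the existing-member branch, a `props` that carries `'email': None` now passes both tests: the `if email is not None:` guard skips `_checkEmail`, and `existing and email == ''` is false for `None`, whereas the removed test `not props.get('email', 'NoPropIsOk')` rejected any falsy value when the member already had an address. If that relaxation is not intended, use a sentinel default with `props.get` to detect "not supplied" and reject every other falsy value as before. The `message` returned by `_checkEmail` is also discarded here, while the other two call sites in this change raise it; either return it to the caller or make it clear the fixed string is deliberate.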
@@ -138,6 +147,10 @@
         if not member.getProperty('email'):
             raise 'ValueError', 'That user does not have an email address.'
 
+        check, msg = _checkEmail(member.getProperty('email'))
+        if not check:
+            raise 'ValueError', msg
+
         # Rather than have the template try to use the mailhost, we will
         # render the message ourselves and send it from here (where we
         # don't need to worry about 'UseMailHost' permissions).
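Review bot: `member.getProperty('email')` is now read twice in this hunk, once for the emptiness test and once for `_checkEmail`; bind it to a local once and use that local for both checks and for the message rendered below, so the value that was validated is the value that ends up in the header. The added `raise 'ValueError', msg` follows the string-exception form of the line above it, so a caller's `except ValueError:` will not catch either one; raising the class with `raise ValueError(msg)` would fix that for the new check.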
@@ -169,6 +182,10 @@
         if email is None:
             raise ValueError( 'Member %s has no e-mail address!'
                             % new_member_id )
+
+        check, msg = _checkEmail(email)
+        if not check:
+            raise 'ValueError', msg
 
         # Rather than have the template try to use the mailhost, we will
         # render the message ourselves and send it from here (where we
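Review bot: The added `raise 'ValueError', msg` is a string exception, while the check just above it in the context lines raises the class (`raise ValueError( 'Member %s has no e-mail address!' ...`); a caller with `except ValueError:` will catch the first and miss the second. Use `raise ValueError(msg)` here so both failures for a bad address surface the same way.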



