[CMF-checkins] CVS: CMF/CMFDefault - RegistrationTool.py:1.26
Tres Seaver
tseaver at zope.com
Fri May 14 18:17:00 EDT 2004
Update of /cvs-repository/CMF/CMFDefault
In directory cvs.zope.org:/tmp/cvs-serv19879/CMFDefault
Modified Files:
RegistrationTool.py
Log Message:
- slurp_release.py:
o Repair breakage due to old python
- Collector #243: unchecked member property, 'email', could permit
injection of mail headers.
=== CMF/CMFDefault/RegistrationTool.py 1.25 => 1.26 ===
--- CMF/CMFDefault/RegistrationTool.py:1.25 Thu Apr 29 12:13:18 2004
+++ CMF/CMFDefault/RegistrationTool.py Fri May 14 18:16:30 2004
@@ -14,6 +14,7 @@
$Id$
"""
+import re
from Globals import InitializeClass, DTMLFile
from AccessControl import ClassSecurityInfo
@@ -107,7 +108,12 @@
return ('The login name you selected is already '
'in use or is not valid. Please choose another.')
- if not props.get('email'):
+ email = props.get('email')
+ if email is None:
+ return 'You must enter an email address.'
+
+ ok, message = _checkEmail( email )
+ if not ok:
return 'You must enter a valid email address.'
else: # Existing member.
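Review bot: The new `_checkEmail` call covers only the new-member branch; the `else: # Existing member.` branch starts on the last line of this hunk and its body is outside it, so it cannot be confirmed from here that an `email` changed later by an existing member gets the same check. If that path is not validated, the header-injection concern from Collector #243 would presumably remain reachable through a property edit, so it is worth running `_checkEmail` there whenever `props` carries an `email`. Separately, `message` is assigned but never used in this branch; either log it or use `if not _checkEmail( email )[0]:` so the unused value is not mistaken for part of the user-facing error.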
@@ -204,3 +210,42 @@
return member
InitializeClass(RegistrationTool)
+
+# See URL: http://www.zopelabs.com/cookbook/1033402597
+
+_TESTS = ( ( re.compile("^[0-9a-zA-Z\.\-\_]+\@[0-9a-zA-Z\.\-]+$")
+ , True
+ , "Failed a"
+ )
+ , ( re.compile("^[^0-9a-zA-Z]|[^0-9a-zA-Z]$")
+ , False
+ , "Failed b"
+ )
+ , ( re.compile("([0-9a-zA-Z]{1})\@.")
+ , True
+ , "Failed c"
+ )
+ , ( re.compile(".\@([0-9a-zA-Z]{1})")
+ , True
+ , "Failed d"
+ )
+ , ( re.compile(".\.\-.|.\-\..|.\.\..|.\-\-.")
+ , False
+ , "Failed e"
+ )
+ , ( re.compile(".\.\_.|.\-\_.|.\_\..|.\_\-.|.\_\_.")
+ , False
+ , "Failed f"
+ )
+ , ( re.compile(".\.([a-zA-Z]{2,3})$|.\.([a-zA-Z]{2,4})$")
+ , True
+ , "Failed g"
+ )
+ )
+
+def _checkEmail( address ):
+ for pattern, expected, message in _TESTS:
+ matched = pattern.search( address ) is not None
+ if matched != expected:
+ return False, message
+ return True, ''
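Review bot: In `_TESTS`, test a ends in `$`, which in Python also matches just before a trailing newline, so `name@example.com\n` passes test a and is rejected only because test b happens to catch a non-alphanumeric final character. Since this check exists to keep CR/LF out of a mail header, anchor explicitly with `\Z` and write the patterns as raw strings, e.g. `re.compile(r"^[0-9a-zA-Z._-]+@[0-9a-zA-Z.-]+\Z")`, so the guarantee does not depend on two tests interacting. A comment above `_TESTS` stating what each rule enforces, and that `"Failed a"` through `"Failed g"` are diagnostic only, would help the next reader; note also that test g limits the final label to 2–4 letters, which rejects addresses under longer TLDs.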