[CMF-checkins] CVS: CMF/CMFDefault - RegistrationTool.py:1.26

Tres Seaver tseaver at zope.com
Fri May 14 18:17:00 EDT 2004


Update of /cvs-repository/CMF/CMFDefault
In directory cvs.zope.org:/tmp/cvs-serv19879/CMFDefault

Modified Files:
	RegistrationTool.py 
Log Message:


  - slurp_release.py:
  
    o Repair breakage due to old python

  - Collector #243:  unchecked member property, 'email', could permit
    injection of mail headers.


=== CMF/CMFDefault/RegistrationTool.py 1.25 => 1.26 ===
--- CMF/CMFDefault/RegistrationTool.py:1.25	Thu Apr 29 12:13:18 2004
+++ CMF/CMFDefault/RegistrationTool.py	Fri May 14 18:16:30 2004
@@ -14,6 +14,7 @@
 
 $Id$
 """
+import re
 
 from Globals import InitializeClass, DTMLFile
 from AccessControl import ClassSecurityInfo
@@ -107,7 +108,12 @@
                 return ('The login name you selected is already '
                         'in use or is not valid. Please choose another.')
 
-            if not props.get('email'):
+            email = props.get('email')
+            if email is None:
+                return 'You must enter an email address.'
+
+            ok, message =  _checkEmail( email )
+            if not ok:
                 return 'You must enter a valid email address.'
 
         else: # Existing member.
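Review bot: The `_checkEmail` call is added only to the new-member branch; the `else: # Existing member.` branch starts on the last line of this hunk and continues outside it, so it is not visible whether an email changed later through the member's properties gets the same check. If it does not, the header-injection problem described in Collector #243 would presumably remain reachable through that path. A guard there such as `email = props.get('email')` / `if email is not None and not _checkEmail( email )[0]:` returning the same error string would cover it. Separately, `message` is assigned but never used, so the caller could simply test `_checkEmail( email )[0]`, or the "Failed x" strings could be logged for diagnosis. A short comment above the check saying that it exists to keep CR/LF out of outgoing mail headers would help the next maintainer avoid loosening it.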
@@ -204,3 +210,42 @@
         return member
 
 InitializeClass(RegistrationTool)
+
+# See URL: http://www.zopelabs.com/cookbook/1033402597
+
+_TESTS = ( ( re.compile("^[0-9a-zA-Z\.\-\_]+\@[0-9a-zA-Z\.\-]+$")
+           , True
+           , "Failed a"
+           )
+         , ( re.compile("^[^0-9a-zA-Z]|[^0-9a-zA-Z]$")
+           , False
+           , "Failed b"
+           )
+         , ( re.compile("([0-9a-zA-Z]{1})\@.")
+           , True
+           , "Failed c"
+           )
+         , ( re.compile(".\@([0-9a-zA-Z]{1})")
+           , True
+           , "Failed d"
+           )
+         , ( re.compile(".\.\-.|.\-\..|.\.\..|.\-\-.")
+           , False
+           , "Failed e"
+           )
+         , ( re.compile(".\.\_.|.\-\_.|.\_\..|.\_\-.|.\_\_.")
+           , False
+           , "Failed f"
+           )
+         , ( re.compile(".\.([a-zA-Z]{2,3})$|.\.([a-zA-Z]{2,4})$")
+           , True
+           , "Failed g"
+           )
+         )
+
+def _checkEmail( address ):
+    for pattern, expected, message in _TESTS:
+        matched = pattern.search( address ) is not None
+        if matched != expected:
+            return False, message
+    return True, ''
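Review bot: Test a anchors with `$`, which in Python also matches just before a trailing newline, so on its own it accepts an address ending in `\n`. That input is rejected only because test b treats the newline as a non-alphanumeric last character. Since the purpose of this check is to keep line breaks out of mail headers, the first pattern should not depend on a later one, so anchor it with `\Z`, e.g. `re.compile(r"^[0-9a-zA-Z._-]+@[0-9a-zA-Z.-]+\Z")`. Raw strings would also stop the patterns relying on Python leaving unknown escapes such as `\@` and `\_` untouched. In test g the first alternative is already covered by the second, and the 2-4 letter limit rejects addresses under longer top-level domains. `_checkEmail` would also benefit from a docstring stating that it returns an `(ok, message)` tuple and that `address` must be a string.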



