[Mailman-Developers] error with bad email with % in addError in htmlformat.py

Mark Sapiro msapiro at value.net
Tue Jan 11 07:02:06 CET 2005


Tokio Kikuchi wrote:
>
>Mark Sapiro wrote:
>
>> The bug report is at
>> https://sourceforge.net/tracker/index.php?func=detail&aid=1099840&group_id=103&atid=100103
>> 
>
>Looks like we must add more on this list of bad characters.
>
>Index: Utils.py
>===================================================================
>--- Utils.py    (revision 157)
>+++ Utils.py    (working copy)
>@@ -200,7 +200,7 @@
>
>
>  # TBD: what other characters should be disallowed?
>-_badchars = re.compile(r'[][()<>|;^,\000-\037\177-\377]')
>+_badchars = re.compile(r'[][()<>|;^,%!\000-\037\177-\377]')
>
>  def ValidateEmail(s):
>      """Verify that the an email address isn't grossly evil."""
>
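
Review bot: The replacement _badchars class on the '+' line adds '%' and '!' with no comment explaining why, and the "TBD: what other characters should be disallowed?" line above it is left as is. Both characters are legal in the local part of an address under RFC 2822 (they are atext), so ValidateEmail would begin rejecting addresses that are syntactically valid. If the aim is to keep '%' away from a later string-formatting step, that belongs at the formatting site rather than in this blocklist. If the characters are to be rejected anyway, please record the reason for each in the comment.
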
>I'm going to add '%' and '!'. Are there any evil characters like these?

Hi Tokio,

I'm not sure that this is what we need to do for this particular error.
I don't think it will hurt unless there are actually valid addresses
with '%' or '!', but I'm not sure that it will fix the problem
described in the bug report.

The problem in the bug report comes about when the system attempts to
report the error. For some reason which I don't understand, if the bad
e-mail address being reported contains a '%' the string formatting
operation that's part of addError fails.

In other words, the problem doesn't occur because the '%' is allowed.
The problem occurs in the reporting of a bad address that happens to
contain a '%' in addition to being bad.

I admit I don't really understand what's going on, but it seems that
adding '%' to _badchars will not fix this problem. Rather, it will
just enlarge the set of "e-mail addresses" for which the problem
occurs.

--
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
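
The point argued above, as an added example that is not part of the original message and is not Mailman's code: the two regular expressions are copied from the quoted patch, while both reporter functions and the sample addresses are constructed, and the double-formatting in report_twice is an assumed failure mode, since the thread does not show addError itself.

```python
import html
import re

# Both patterns are copied from the quoted patch to Utils.py.
BADCHARS_OLD = re.compile(r'[][()<>|;^,\000-\037\177-\377]')
BADCHARS_NEW = re.compile(r'[][()<>|;^,%!\000-\037\177-\377]')

# Constructed sample addresses, not taken from the bug report.
SAMPLES = ['a%b@example.com', 'a<%s>@example.com', 'a(b@example.com']


def report_twice(addr):
    """Hypothetical reporter (assumption): the address is interpolated into
    the message, and the finished message is then used as a format string."""
    msg = 'Bad/Invalid email address: %s' % addr
    return '<b>Error:</b> ' + msg % ()  # second pass re-parses '%' from addr


def report_once(addr):
    """Hypothetical fix: the address is only ever a format argument, and is
    HTML-escaped because the message ends up in a web page."""
    return '<b>Error:</b> Bad/Invalid email address: %s' % html.escape(addr)


def crashing_inputs(badchars, reporter):
    """Addresses the validator rejects AND whose error report then fails."""
    failed = []
    for addr in SAMPLES:
        if not badchars.search(addr):
            continue  # accepted, so the reporter is never called
        try:
            reporter(addr)
        except (TypeError, ValueError):
            failed.append(addr)
    return failed


if __name__ == '__main__':
    print('old blocklist:', crashing_inputs(BADCHARS_OLD, report_twice))
    print('new blocklist:', crashing_inputs(BADCHARS_NEW, report_twice))
    print('single pass  :', crashing_inputs(BADCHARS_NEW, report_once))
```

With the wider blocklist, one more sample address reaches the reporter and fails there; with the single-pass reporter none do, whichever blocklist is used.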


