author | 2005-09-04 10:18:13 +0000 | |
---|---|---|
committer | 2005-09-04 10:18:13 +0000 | |
commit | c09d534808ecfc6d08a6a5cc53ea1a5b6a9363ed (patch) | |
tree | d49d1df5025b4077c555a6233531fea99e0f7d09 /www-apps/pyblosxom-plugins/files | |
parent | Fixed digests (diff) | |
Trying to fix contact plugin
svn path=/; revision=341
Diffstat (limited to 'www-apps/pyblosxom-plugins/files')
-rw-r--r-- | www-apps/pyblosxom-plugins/files/contact.py | 104 |
1 files changed, 102 insertions, 2 deletions
diff --git a/www-apps/pyblosxom-plugins/files/contact.py b/www-apps/pyblosxom-plugins/files/contact.py index 7e30cf2..f44f8a6 100644 --- a/www-apps/pyblosxom-plugins/files/contact.py +++ b/www-apps/pyblosxom-plugins/files/contact.py @@ -31,7 +31,7 @@ __license__ = "GPL 2+" # Python imports - +import urlparse # Pyblosxom imports from Pyblosxom.renderers.blosxom import Renderer 
@@ -79,6 +79,103 @@ _default_template = """ </div> """ +################################################################################ +## +## Helper functions +## +################################################################################ + +rfc822_specials = '()<>@,;:\\"[]' + +def isAddressValid(addr): + ''' + Taken from + + http://www.secureprogramming.com/?action=view&feature=recipes&recipeid=1 + + Posted by Matt Messier on Tue, Sep 02, 2003 (06:19 PM) GMT + + >>> isAddressValid('djfhdfh') + 0 + >>> isAddressValid('djfhdfh@test.com') + 8 + >>> isAddressValid('dj@fhdfh@test.com') + 0 + >>> isAddressValid('dj\@fhdfh@test.com') + 0 + >>> isAddressValid('dj"@"fhdfh@test.com') + 0 + >>> isAddressValid('dj" "fhdfh@test.com') + 0 + >>> isAddressValid('dj\" \"fhdfh@test.com') + 0 + >>> isAddressValid('dj." ".fhdfh@test.com') + 13 + >>> isAddressValid('dj."@ ".fhdfh@test.com') + 14 + >>> isAddressValid('dj."@<> ".fhdfh@test.com') + 16 + >>> isAddressValid('dj."@<>ü ".fhdfh@test.com') + 0 + >>> isAddressValid('dj<>fhdfh@test.com') + 0 + >>> isAddressValid('dj\<\>fhdfh@test.com') + 0 + >>> isAddressValid('dj\ fhdfh@test.com') + 0 + >>> isAddressValid('dj\\ fhdfh@test.com') + 0 + >>> isAddressValid('djfhdfh@test.com.de') + 8 + >>> isAddressValid('djfhdfh@test.co<m.de') + 0 + ''' + # Ported from Recipe 3.9 in Secure Programming Cookbook for C and C++ by + # John Viega and Matt Messier (O'Reilly 2003) + + # First we validate the name portion (name@domain) + c = 0 + while c < len(addr): + if addr[c] == '"' and (not c or addr[c - 1] == '.' 
or addr[c - 1] == '"'): + c = c + 1 + while c < len(addr): + if addr[c] == '"': + c = c + 1 + break + if addr[c] == '\\' and addr[c + 1] == ' ': + c = c + 2 + continue + if ord(addr[c]) < 32 or ord(addr[c]) >= 127: return 0 + c = c + 1 + else: return 0 + if addr[c] == '@': break + if addr[c] != '.': return 0 + c = c + 1 + continue + if addr[c] == '@': break + if ord(addr[c]) <= 32 or ord(addr[c]) >= 127: return 0 + if addr[c] in rfc822_specials: return 0 + c = c + 1 + if not c or addr[c - 1] == '.': return 0 + + # Next we validate the domain portion (name@domain) + domain = c = c + 1 + if domain >= len(addr): return 0 + count = 0 + while c < len(addr): + if addr[c] == '.': + if c == domain or addr[c - 1] == '.': return 0 + count = count + 1 + if ord(addr[c]) <= 32 or ord(addr[c]) >= 127: return 0 + if addr[c] in rfc822_specials: return 0 + c = c + 1 + + ## The final return statement was modified to return the split point + ## (position of @) so that the email can split in its two subsections. + if count >= 1: + return domain + + def verify_installation(request): config = request.getConfiguration() retval = 1 @@ -159,7 +256,7 @@ def _handle_post(request): error_messages = [] if not 'HTTP_REFERER' in http or \ - not http['HTTP_REFERER'].startswith(config['base_url']): + not http['HTTP_REFERER'].startswith('://'.join(urlparse.urlsplit(config['base_url'])[0:1])): data[MESSAGE_KEY] = "Posting from foreign hosts not allowed.<br />\nUse the form below to send your message." return @@ -173,6 +270,9 @@ def _handle_post(request): parser.feed(form[field].value) email[field] = parser.gettext() + if 'email' in form and not isAddressValid(form['email'].value): + error_messages.append("Invalid email address '%s'. Cannot deliver your message!" % form['email'].value) + if error: data[MESSAGE_KEY] = "<br />\n".join(error_messages) _remember_email(email, data) |
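Review bot: In the quoted-string branch of the local-part loop, isAddressValid can raise IndexError on the submitted address instead of returning 0. `addr[c + 1]` is read without checking that a character follows the backslash, and once the closing quote is consumed (`c = c + 1` then `break`) the test `addr[c] == '@'` runs even when that quote was the last character. Suggest `if addr[c] == '\\' and c + 1 < len(addr) and addr[c + 1] == ' ':` and, directly after the inner loop, `if c >= len(addr): return 0`. The function also falls through to an implicit `None` when the domain has no dot, and the closing comment says it returns the position of `@` while the doctests show the index just after it; an explicit `return 0` and a corrected comment would pin the contract. Indentation is lost in this view, so the nesting is read from statement order and should be confirmed against the file.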
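Review bot: The new Referer test in _handle_post is looser than the one it replaces: `urlparse.urlsplit(config['base_url'])[0:1]` is a one-element slice holding only the scheme, so the joined prefix is just `http` (or `https`) and any Referer with that scheme passes. If the intent was to compare scheme and host, the slice should be `[0:2]`, and the prefix should end in `/` so that a host which merely begins with the site's name does not match: `allowed = '://'.join(urlparse.urlsplit(config['base_url'])[0:2]) + '/'`. The Referer header is supplied by the client, so even the corrected check is only a coarse filter on where the form was posted from and should not be the sole control on who may send mail through it. _handle_post begins and ends outside the hunk.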
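Review bot: The rejected address is formatted unescaped into a message that is joined with `<br />` and stored in `data[MESSAGE_KEY]`, so it is presumably rendered as HTML; a value that has just failed validation may contain markup and would be reflected into the page. Escape it before formatting, e.g. `cgi.escape(form['email'].value, 1)` (with `import cgi` next to the other Python imports). The added lines also only append to `error_messages`; nothing visible in the hunk sets the `error` flag tested on the following line, so unless it is set elsewhere the message may still be delivered with the invalid address. The check reads the raw `form['email'].value` rather than the parsed `email[field]` text built just above it, which is worth making consistent. _handle_post continues outside the hunk.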