authorGunnar Wrobel <wrobel@gentoo.org>2005-09-04 10:18:13 +0000
committerGunnar Wrobel <wrobel@gentoo.org>2005-09-04 10:18:13 +0000
commitc09d534808ecfc6d08a6a5cc53ea1a5b6a9363ed (patch)
treed49d1df5025b4077c555a6233531fea99e0f7d09 /www-apps/pyblosxom-plugins/files
parentFixed digests (diff)
downloadoverlay-c09d534808ecfc6d08a6a5cc53ea1a5b6a9363ed.tar.gz
overlay-c09d534808ecfc6d08a6a5cc53ea1a5b6a9363ed.tar.bz2
overlay-c09d534808ecfc6d08a6a5cc53ea1a5b6a9363ed.zip
Trying to fix contact plugin
svn path=/; revision=341
Diffstat (limited to 'www-apps/pyblosxom-plugins/files')
-rw-r--r--www-apps/pyblosxom-plugins/files/contact.py104
1 files changed, 102 insertions, 2 deletions
diff --git a/www-apps/pyblosxom-plugins/files/contact.py b/www-apps/pyblosxom-plugins/files/contact.py
index 7e30cf2..f44f8a6 100644
--- a/www-apps/pyblosxom-plugins/files/contact.py
+++ b/www-apps/pyblosxom-plugins/files/contact.py
@@ -31,7 +31,7 @@ __license__ = "GPL 2+"
# Python imports
-
+import urlparse
# Pyblosxom imports
from Pyblosxom.renderers.blosxom import Renderer
@@ -79,6 +79,103 @@ _default_template = """
</div>
"""
+################################################################################
+##
+## Helper functions
+##
+################################################################################
+
+rfc822_specials = '()<>@,;:\\"[]'
+
+def isAddressValid(addr):
+ '''
+ Taken from
+
+ http://www.secureprogramming.com/?action=view&feature=recipes&recipeid=1
+
+ Posted by Matt Messier on Tue, Sep 02, 2003 (06:19 PM) GMT
+
+ >>> isAddressValid('djfhdfh')
+ 0
+ >>> isAddressValid('djfhdfh@test.com')
+ 8
+ >>> isAddressValid('dj@fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj\@fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj"@"fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj" "fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj\" \"fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj." ".fhdfh@test.com')
+ 13
+ >>> isAddressValid('dj."@ ".fhdfh@test.com')
+ 14
+ >>> isAddressValid('dj."@<> ".fhdfh@test.com')
+ 16
+ >>> isAddressValid('dj."@<>ü ".fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj<>fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj\<\>fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj\ fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj\\ fhdfh@test.com')
+ 0
+ >>> isAddressValid('djfhdfh@test.com.de')
+ 8
+ >>> isAddressValid('djfhdfh@test.co<m.de')
+ 0
+ '''
+ # Ported from Recipe 3.9 in Secure Programming Cookbook for C and C++ by
+ # John Viega and Matt Messier (O'Reilly 2003)
+
+ # First we validate the name portion (name@domain)
+ c = 0
+ while c < len(addr):
+ if addr[c] == '"' and (not c or addr[c - 1] == '.' or addr[c - 1] == '"'):
+ c = c + 1
+ while c < len(addr):
+ if addr[c] == '"':
+ c = c + 1
+ break
+ if addr[c] == '\\' and addr[c + 1] == ' ':
+ c = c + 2
+ continue
+ if ord(addr[c]) < 32 or ord(addr[c]) >= 127: return 0
+ c = c + 1
+ else: return 0
+ if addr[c] == '@': break
+ if addr[c] != '.': return 0
+ c = c + 1
+ continue
+ if addr[c] == '@': break
+ if ord(addr[c]) <= 32 or ord(addr[c]) >= 127: return 0
+ if addr[c] in rfc822_specials: return 0
+ c = c + 1
+ if not c or addr[c - 1] == '.': return 0
+
+ # Next we validate the domain portion (name@domain)
+ domain = c = c + 1
+ if domain >= len(addr): return 0
+ count = 0
+ while c < len(addr):
+ if addr[c] == '.':
+ if c == domain or addr[c - 1] == '.': return 0
+ count = count + 1
+ if ord(addr[c]) <= 32 or ord(addr[c]) >= 127: return 0
+ if addr[c] in rfc822_specials: return 0
+ c = c + 1
+
+ ## The final return statement was modified to return the split point
+ ## (position of @) so that the email can split in its two subsections.
+ if count >= 1:
+ return domain
+
+
def verify_installation(request):
config = request.getConfiguration()
retval = 1
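Review bot: isAddressValid raises IndexError instead of returning 0 on some malformed inputs: at `if addr[c] == '\\' and addr[c + 1] == ' ':` a backslash as the last character reads past the end of addr, and when the closing quote is the last character the inner loop breaks with c == len(addr) and the following `if addr[c] == '@': break` indexes out of range. Since _handle_post passes the raw form value to this function, such an address turns a validation failure into an unhandled exception in the request handler rather than an error message. Guard both spots: `if addr[c] == '\\' and c + 1 < len(addr) and addr[c + 1] == ' ':` and, before the '@' test that follows the inner loop, `if c >= len(addr): return 0`. Separately, the function falls off the end and returns None rather than 0 when the domain contains no dot (the `if count >= 1` path), which the docstring's doctests do not cover; an explicit `return 0` as the last line would match the documented contract.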
@@ -159,7 +256,7 @@ def _handle_post(request):
error_messages = []
if not 'HTTP_REFERER' in http or \
- not http['HTTP_REFERER'].startswith(config['base_url']):
+ not http['HTTP_REFERER'].startswith('://'.join(urlparse.urlsplit(config['base_url'])[0:1])):
data[MESSAGE_KEY] = "Posting from foreign hosts not allowed.<br />\nUse the form below to send your message."
return
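Review bot: The rewritten referer check `not http['HTTP_REFERER'].startswith('://'.join(urlparse.urlsplit(config['base_url'])[0:1]))` compares against the scheme only: urlsplit returns (scheme, netloc, path, query, fragment), so the `[0:1]` slice is a one-element tuple and the join yields just `http`, which any referer beginning with http satisfies — the foreign-host check is effectively disabled. The intended prefix is scheme plus host, `[0:2]`, but a prefix match still accepts any host that merely starts with the configured one; comparing the host component directly is tighter: `if 'HTTP_REFERER' not in http or urlparse.urlsplit(http['HTTP_REFERER'])[1] != urlparse.urlsplit(config['base_url'])[1]:`. HTTP_REFERER is supplied by the client, so this remains a best-effort filter rather than a reliable origin check. _handle_post starts outside the hunk.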
@@ -173,6 +270,9 @@ def _handle_post(request):
parser.feed(form[field].value)
email[field] = parser.gettext()
+ if 'email' in form and not isAddressValid(form['email'].value):
+ error_messages.append("Invalid email address '%s'. Cannot deliver your message!" % form['email'].value)
+
if error:
data[MESSAGE_KEY] = "<br />\n".join(error_messages)
_remember_email(email, data)
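Review bot: The new check appends to error_messages but does not set the `error` flag that `if error:` tests two lines later, so the invalid-address message is only shown when an earlier field check already failed; otherwise the entry is silently dropped and the post continues with the bad address. If `error` is the flag assigned by those earlier checks (they lie outside the hunk), set it alongside the append, e.g. `error = 1` with whatever value the earlier checks use. The message also interpolates the raw `form['email'].value` into data[MESSAGE_KEY], which the surrounding code renders as HTML (the existing message in this function embeds `<br />`), so the submitted string should be HTML-escaped (e.g. with cgi.escape, which needs importing) or replaced by the tag-stripped `email['email']` if 'email' is among the parsed fields. _handle_post starts before this hunk.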