[Mailman-Developers] 1030228 Mass Subscribe address with controlcharacter - can't delete

Tokio Kikuchi tkikuchi at is.kochi-u.ac.jp
Mon Sep 20 02:22:34 CEST 2004


Hi,

Mark Sapiro wrote:

> Thus, it would seem as a practical matter, Mailman should not accept
> for subscription any address containing any characters in the ranges
> \000-\037 and \177-\377. Thus I suggest the following, totally
> untested change:
> 
> --- mailman-2.1.5/Mailman/Utils.py      2003-12-26 14:50:04.000000000
> -0800
> +++ mailman-mas/Mailman/Utils.py        2004-09-19 12:49:30.000000000
> -0700
> @@ -198,7 +198,7 @@
> 
> 
>  # TBD: what other characters should be disallowed?
> -_badchars = re.compile(r'[][()<>|;^,/\200-\377]')
> +_badchars = re.compile(r'[][()<>|;^,/\000-\037\177-\377]')
> 
>  def ValidateEmail(s):
>      """Verify that the an email address isn't grossly evil."""

This patch looks reasonable and will be merged in CVS soon. Also, I
wonder if '/' should be removed from this list. It is X.400 char
and long have been asked for allowing. My test with postfix looks
like to accept at least in aliases and testing with mailman options
interface looks OK. (although a little bit uneasy because mailman cgi
separates command options with '/' character.)

> 
> This still leaves open the question of whether the printable characters
> in the _badchars RE are the right ones and what to do with
> quoted-string local-parts, but I think it would prevent my immediate
> problem from recurring.
> 
-- 
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
http://weather.is.kochi-u.ac.jp/



More information about the Mailman-Developers mailing list