+35
-2
lines changedFilter options
+35
-2
lines changed Original file line number Diff line number Diff line change
@@ -421,7 +421,7 @@ def clean(self, value):
421 421
email_re = re.compile(
422 422
r"(^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)*" # dot-atom
423 423
r'|^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*"' # quoted-string
424 -
r')@(?:[A-Z0-9]+(?:-*[A-Z0-9]+)*\.)+[A-Z]{2,6}$', re.IGNORECASE) # domain
424 +
r')@(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?$', re.IGNORECASE) # domain
425 425 426 426
class EmailField(RegexField):
427 427
default_error_messages = {
@@ -532,7 +532,7 @@ def clean(self, data, initial=None):
532 532 533 533
url_re = re.compile(
534 534
r'^https?://' # http:// or https://
535 -
r'(?:(?:[A-Z0-9]+(?:-*[A-Z0-9]+)*\.)+[A-Z]{2,6}|' #domain...
535 +
r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?|' #domain...
536 536
r'localhost|' #localhost...
537 537
r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # ...or ip
538 538
r'(?::\d+)?' # optional port
@@ -767,6 +767,13 @@
767 767
>>> f.clean('example@valid-with-hyphens.com')
768 768
u'example@valid-with-hyphens.com'
769 769 770 +
# Check for runaway regex security problem. This will take for-freeking-ever
771 +
# if the security fix isn't in place.
772 +
>>> f.clean('viewx3dtextx26qx3d@yahoo.comx26latlngx3d15854521645943074058')
773 +
Traceback (most recent call last):
774 +
...
775 +
ValidationError: [u'Enter a valid e-mail address.']
776 + 770 777
>>> f = EmailField(required=False)
771 778
>>> f.clean('')
772 779
u''
@@ -972,6 +979,32 @@
972 979
Traceback (most recent call last):
973 980
...
974 981
ValidationError: [u'Enter a valid URL.']
982 +
>>> f.clean('.')
983 +
Traceback (most recent call last):
984 +
...
985 +
ValidationError: [u'Enter a valid URL.']
986 +
>>> f.clean('com.')
987 +
Traceback (most recent call last):
988 +
...
989 +
ValidationError: [u'Enter a valid URL.']
990 +
>>> f.clean('http://example.com.')
991 +
u'http://example.com./'
992 +
>>> f.clean('example.com.')
993 +
u'http://example.com./'
994 + 995 +
# hangs "forever" if catastrophic backtracking in ticket:#11198 not fixed
996 +
>>> f.clean('http://%s' % ("X"*200,))
997 +
Traceback (most recent call last):
998 +
...
999 +
ValidationError: [u'Enter a valid URL.']
1000 + 1001 +
# a second test, to make sure the problem is really addressed, even on
1002 +
# domains that don't fail the domain label length check in the regex
1003 +
>>> f.clean('http://%s' % ("X"*60,))
1004 +
Traceback (most recent call last):
1005 +
...
1006 +
ValidationError: [u'Enter a valid URL.']
1007 + 975 1008
>>> f.clean('http://.com')
976 1009
Traceback (most recent call last):
977 1010
...
You can’t perform that action at this time.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4