RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://github.com/python/cpython/commit/063eba280a11d3c9a5dd9ee5abe4de640907951b below:

Dont parse domains containing @ (GH-13079) (#15317) · python/cpython@063eba2 · GitHub

File tree Expand file treeCollapse file tree 5 files changed

+37

-1

lines changed

Filter options

Misc/NEWS.d/next/Security

Expand file treeCollapse file tree 5 files changed

+37

-1

lines changed Original file line number Diff line number Diff line change


 @@ -1964,6 +1964,8 @@ def get_domain(value):

1964 1964


 token, value = get_dot_atom(value)

1965 1965


 except errors.HeaderParseError:

1966 1966


 token, value = get_atom(value)

1967

+
 if value and value[0] == '@':

1968

+
 raise errors.HeaderParseError('Invalid Domain')

1967 1969


 if leader is not None:

1968 1970


 token[:0] = [leader]

1969 1971


 domain.append(token)

Original file line number Diff line number Diff line change


 @@ -379,7 +379,12 @@ def getaddrspec(self):

379 379


 aslist.append('@')

380 380


 self.pos += 1

381 381


 self.gotonext()

382

-
 return EMPTYSTRING.join(aslist) + self.getdomain()

382

+
 domain = self.getdomain()

383

+
 if not domain:

384

+
 # Invalid domain, return an empty address instead of returning a

385

+
 # local part to denote failed parsing.

386

+
 return EMPTYSTRING

387

+
 return EMPTYSTRING.join(aslist) + domain

383 388 384 389


 def getdomain(self):

385 390


 """Get the complete domain name from an address."""


 @@ -394,6 +399,10 @@ def getdomain(self):

394 399


 elif self.field[self.pos] == '.':

395 400


 self.pos += 1

396 401


 sdlist.append('.')

402

+
 elif self.field[self.pos] == '@':

403

+
 # bpo-34155: Don't parse domains with two `@` like

404

+
 # `a@malicious.org@important.com`.

405

+
 return EMPTYSTRING

397 406


 elif self.field[self.pos] in self.atomends:

398 407


 break

399 408


 else:

Original file line number Diff line number Diff line change


 @@ -1418,6 +1418,16 @@ def test_get_addr_spec_dot_atom(self):

1418 1418


 self.assertEqual(addr_spec.domain, 'example.com')

1419 1419


 self.assertEqual(addr_spec.addr_spec, 'star.a.star@example.com')

1420 1420 1421

+
 def test_get_addr_spec_multiple_domains(self):

1422

+
 with self.assertRaises(errors.HeaderParseError):

1423

+
 parser.get_addr_spec('star@a.star@example.com')

1424 + 1425

+
 with self.assertRaises(errors.HeaderParseError):

1426

+
 parser.get_addr_spec('star@a@example.com')

1427 + 1428

+
 with self.assertRaises(errors.HeaderParseError):

1429

+
 parser.get_addr_spec('star@172.17.0.1@example.com')

1430 + 1421 1431


 # get_obs_route

1422 1432 1423 1433


 def test_get_obs_route_simple(self):

Original file line number Diff line number Diff line change


 @@ -3015,6 +3015,20 @@ def test_parseaddr_empty(self):

3015 3015


 self.assertEqual(utils.parseaddr('<>'), ('', ''))

3016 3016


 self.assertEqual(utils.formataddr(utils.parseaddr('<>')), '')

3017 3017 3018

+
 def test_parseaddr_multiple_domains(self):

3019

+
 self.assertEqual(

3020

+
 utils.parseaddr('a@b@c'),

3021

+
 ('', '')

3022

+
 )

3023

+
 self.assertEqual(

3024

+
 utils.parseaddr('a@b.c@c'),

3025

+
 ('', '')

3026

+
 )

3027

+
 self.assertEqual(

3028

+
 utils.parseaddr('a@172.17.0.1@c'),

3029

+
 ('', '')

3030

+
 )

3031 + 3018 3032


 def test_noquote_dump(self):

3019 3033


 self.assertEqual(

3020 3034


 utils.formataddr(('A Silly Person', 'person@dom.ain')),

Original file line number Diff line number Diff line change


 @@ -0,0 +1 @@

1

+
 Fix parsing of invalid email addresses with more than one ``@`` (e.g. a@b@c.com.) to not return the part before 2nd ``@`` as valid email address. Patch by maxking & jpic.

You can’t perform that action at this time.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4