RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://github.com/python/cpython/commit/13a19139b5e76175bc95294d54afc9425e4f36c9 below:

Dont parse domains containing @ (GH-13079) (GH-14826) · python/cpython@13a1913 · GitHub

File tree Expand file treeCollapse file tree 5 files changed

+37

-1

lines changed

Filter options

Misc/NEWS.d/next/Security

Expand file treeCollapse file tree 5 files changed

+37

-1

lines changed Original file line number Diff line number Diff line change


 @@ -1561,6 +1561,8 @@ def get_domain(value):

1561 1561


 token, value = get_dot_atom(value)

1562 1562


 except errors.HeaderParseError:

1563 1563


 token, value = get_atom(value)

1564

+
 if value and value[0] == '@':

1565

+
 raise errors.HeaderParseError('Invalid Domain')

1564 1566


 if leader is not None:

1565 1567


 token[:0] = [leader]

1566 1568


 domain.append(token)

Original file line number Diff line number Diff line change


 @@ -379,7 +379,12 @@ def getaddrspec(self):

379 379


 aslist.append('@')

380 380


 self.pos += 1

381 381


 self.gotonext()

382

-
 return EMPTYSTRING.join(aslist) + self.getdomain()

382

+
 domain = self.getdomain()

383

+
 if not domain:

384

+
 # Invalid domain, return an empty address instead of returning a

385

+
 # local part to denote failed parsing.

386

+
 return EMPTYSTRING

387

+
 return EMPTYSTRING.join(aslist) + domain

383 388 384 389


 def getdomain(self):

385 390


 """Get the complete domain name from an address."""


 @@ -394,6 +399,10 @@ def getdomain(self):

394 399


 elif self.field[self.pos] == '.':

395 400


 self.pos += 1

396 401


 sdlist.append('.')

402

+
 elif self.field[self.pos] == '@':

403

+
 # bpo-34155: Don't parse domains with two `@` like

404

+
 # `a@malicious.org@important.com`.

405

+
 return EMPTYSTRING

397 406


 elif self.field[self.pos] in self.atomends:

398 407


 break

399 408


 else:

Original file line number Diff line number Diff line change


 @@ -1418,6 +1418,16 @@ def test_get_addr_spec_dot_atom(self):

1418 1418


 self.assertEqual(addr_spec.domain, 'example.com')

1419 1419


 self.assertEqual(addr_spec.addr_spec, 'star.a.star@example.com')

1420 1420 1421

+
 def test_get_addr_spec_multiple_domains(self):

1422

+
 with self.assertRaises(errors.HeaderParseError):

1423

+
 parser.get_addr_spec('star@a.star@example.com')

1424 + 1425

+
 with self.assertRaises(errors.HeaderParseError):

1426

+
 parser.get_addr_spec('star@a@example.com')

1427 + 1428

+
 with self.assertRaises(errors.HeaderParseError):

1429

+
 parser.get_addr_spec('star@172.17.0.1@example.com')

1430 + 1421 1431


 # get_obs_route

1422 1432 1423 1433


 def test_get_obs_route_simple(self):

Original file line number Diff line number Diff line change


 @@ -3035,6 +3035,20 @@ def test_parseaddr_empty(self):

3035 3035


 self.assertEqual(utils.parseaddr('<>'), ('', ''))

3036 3036


 self.assertEqual(utils.formataddr(utils.parseaddr('<>')), '')

3037 3037 3038

+
 def test_parseaddr_multiple_domains(self):

3039

+
 self.assertEqual(

3040

+
 utils.parseaddr('a@b@c'),

3041

+
 ('', '')

3042

+
 )

3043

+
 self.assertEqual(

3044

+
 utils.parseaddr('a@b.c@c'),

3045

+
 ('', '')

3046

+
 )

3047

+
 self.assertEqual(

3048

+
 utils.parseaddr('a@172.17.0.1@c'),

3049

+
 ('', '')

3050

+
 )

3051 + 3038 3052


 def test_noquote_dump(self):

3039 3053


 self.assertEqual(

3040 3054


 utils.formataddr(('A Silly Person', 'person@dom.ain')),

Original file line number Diff line number Diff line change


 @@ -0,0 +1 @@

1

+
 Fix parsing of invalid email addresses with more than one ``@`` (e.g. a@b@c.com.) to not return the part before 2nd ``@`` as valid email address. Patch by maxking & jpic.

You can’t perform that action at this time.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4