Opened 3 years ago

Closed 3 years ago

#16310 closed Bug (duplicate)

EmailValiadtor lets through [...].com. (dot at the end)

Reported by: anonymous Owned by: nobody
Component: Core (Other) Version: 1.3
Severity: Normal Keywords: EmailValiadtor validation email
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no


>>> from django.core.validators import validate_email
>>> validate_email('')
[no error raised, note dot at the end of address]

Attachments (1) (1.4 KB) - added by julien 3 years ago.
Fix + test

Download all attachments as: .zip

Change History (4)

Changed 3 years ago by julien

Fix + test

comment:1 Changed 3 years ago by julien

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 3 years ago by julien

  • Patch needs improvement set

Note that this bug was introduced in changeset [11605], which itself was to fix a security issue where the email and url validation regular expressions could be exploited in public form submissions to cause a DOS. Therefore this bug should be fixed cautiously. In particular more thorough tests should be written to ensure that no dangerous regression (and no regression at all, even) is introduced.

comment:3 Changed 3 years ago by julien

  • Resolution set to duplicate
  • Status changed from new to closed

This is a dupe of #12027.

Add Comment

Modify Ticket

Change Properties
<Author field>
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.