Opened 13 years ago
Closed 13 years ago
#16310 closed Bug (duplicate)
EmailValiadtor lets through [...].com. (dot at the end)
| Reported by: | anonymous | Owned by: | nobody |
|---|---|---|---|
| Component: | Core (Other) | Version: | 1.3 |
| Severity: | Normal | Keywords: | EmailValiadtor validation email |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | yes |
| Easy pickings: | no | UI/UX: | no |
Description
>>> from django.core.validators import validate_email
>>> validate_email('asd@asd.com.')
[no error raised, note dot at the end of address]
Attachments (1)
Change History (4)
by , 13 years ago
| Attachment: | 16310.email-regexp-fix.diff added |
|---|
comment:1 by , 13 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
comment:2 by , 13 years ago
| Patch needs improvement: | set |
|---|
Note that this bug was introduced in changeset [11605], which itself was to fix a security issue where the email and url validation regular expressions could be exploited in public form submissions to cause a DOS. Therefore this bug should be fixed cautiously. In particular more thorough tests should be written to ensure that no dangerous regression (and no regression at all, even) is introduced.
Note:
See TracTickets
for help on using tickets.
Fix + test