extras-buildsys/server UserInterface.py,1.17,1.18
Daniel Williams (dcbw)
fedora-extras-commits at redhat.com
Sun Jul 10 04:33:53 UTC 2005
Author: dcbw
Update of /cvs/fedora/extras-buildsys/server
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20593/server
Modified Files:
UserInterface.py
Log Message:
Validate email addresses
Index: UserInterface.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/server/UserInterface.py,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- UserInterface.py 10 Jul 2005 03:44:37 -0000 1.17
+++ UserInterface.py 10 Jul 2005 04:33:51 -0000 1.18
@@ -53,6 +53,17 @@
return (dbcx, curs)
+def validate_email(email):
+ for c in email:
+ # For now, legal characters are '@_-.+' plus alphanumeric
+ if (c == '@') or (c == '_') or (c == '-') or (c == '.') or (c == '+') or c.isalnum():
+ pass
+ else:
+ print "Bad char is '%s'" % c
+ return False
+ return True
+
+
class UserInterface:
"""
Base UserInterface class. NO AUTHENTICATION. Subclass this to provide some.
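Review bot: The allowlist in `validate_email` is wider than its comment says, because `c.isalnum()` is locale-dependent for byte strings and accepts any Unicode letter or digit for unicode strings; testing against an explicit set such as `string.ascii_letters + string.digits + '@_-.+'` would pin it to ASCII. If the argument can arrive as something other than a string (the caller's input types are not visible here), the loop iterates its elements rather than characters, so an `isinstance(email, basestring)` guard at the top is a cheap addition. The `print` of the rejected character writes request-controlled data to the server's stdout; formatting it with `%r` and sending it through the server's existing logging, if it has any, keeps control characters out of the output. A short docstring should state that this is a character filter protecting the SQL text built from the value, not a check that the string is a well-formed address.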
@@ -134,14 +145,15 @@
first = True
if args_dict.has_key('email') and args_dict['email']:
- # FIXME: validate email so users can't do random SQL queries
- # in place of the email address
- if first:
- search = search + " WHERE "
- first = False
+ if validate_email(args_dict['email']):
+ if first:
+ search = search + " WHERE "
+ first = False
+ else:
+ search = search + " AND "
+ search = search + 'username LIKE "%%%s%%"' % args_dict['email']
else:
- search = search + " AND "
- search = search + 'username LIKE "%%%s%%"' % args_dict['email']
+ return (-1, "Error: Invalid query.", [], [])
if args_dict.has_key('status') and args_dict['status']:
status = args_dict['status']
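Review bot: The validated address is still spliced into the SQL text at `search = search + 'username LIKE "%%%s%%"' % args_dict['email']`, so `validate_email` is the only barrier between request input and the query. Binding the value as a parameter when the statement is executed would remove that dependency and let the character check remain as input hygiene; the execute call is outside this hunk and the placeholder style depends on the DB driver. `_` passes the filter and is a single-character wildcard inside `LIKE`, which broadens matches without leaving the literal. The removed FIXME was the only explanation of why the check exists, so a comment such as `# validate_email() is the SQL-injection guard for this LIKE clause` above the call would keep that visible. The `status` branch that follows runs past the end of the hunk, so whether its value is checked the same way cannot be seen here.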