diff --git a/last_commit.txt b/last_commit.txt index 80e577e00b..ef962315c4 100644 --- a/last_commit.txt +++ b/last_commit.txt @@ -1,16 +1,21 @@ -Repository: plone.app.discussion +Repository: Products.CMFPlone -Branch: refs/heads/3.4.x -Date: 2024-03-21T15:05:59+01:00 -Author: Katja Süss (ksuess) -Commit: https://github.com/plone/plone.app.discussion/commit/f3b50d753ffd5cd7da767b9d211bfe2d19360854 +Branch: refs/heads/5.2.x +Date: 2024-10-30T08:47:17-07:00 +Author: Peter Mathis (petschki) +Commit: https://github.com/plone/Products.CMFPlone/commit/7f494f98716dfce3f3c9897bd8cf95bb4661f351 -Apply validation for all captchas (version 3.4.x) (#233) +Respect new strict parsing of `email.utils.getaddresses` [5.2] (#4039) + +* Respect new strict parsing of `email.utils.getaddresses` + +* changenote Files changed: -A news/233.bugfix -M plone/app/discussion/browser/validator.py +A news/4039.bugfix +M Products/CMFPlone/PloneTool.py +M Products/CMFPlone/tests/testPloneTool.py -b"diff --git a/news/233.bugfix b/news/233.bugfix\nnew file mode 100644\nindex 00000000..8bfc3559\n--- /dev/null\n+++ b/news/233.bugfix\n@@ -0,0 +1 @@\n+Apply validation for all captchas. @ksuess\n\\ No newline at end of file\ndiff --git a/plone/app/discussion/browser/validator.py b/plone/app/discussion/browser/validator.py\nindex 360616b7..dce3c52b 100644\n--- a/plone/app/discussion/browser/validator.py\n+++ b/plone/app/discussion/browser/validator.py\n@@ -49,7 +49,7 @@ def validate(self, value):\n registry = queryUtility(IRegistry)\n settings = registry.forInterface(IDiscussionSettings, check=False)\n \n- if settings.captcha in ('captcha', 'recaptcha', 'norobots'):\n+ if settings.captcha != 'disabled':\n captcha = getMultiAdapter((aq_inner(self.context), self.request),\n name=settings.captcha)\n if not captcha.verify(input=value):\n" +b'diff --git a/Products/CMFPlone/PloneTool.py b/Products/CMFPlone/PloneTool.py\nindex 8deb7e2b52..79763dc2e6 100644\n--- a/Products/CMFPlone/PloneTool.py\n+++ b/Products/CMFPlone/PloneTool.py\n@@ -141,6 +141,12 @@ def validateSingleNormalizedEmailAddress(self, address):\n if not isinstance(address, six.string_types):\n return False\n \n+ address = address.strip()\n+\n+ # address can be empty if getaddresses has parsing errors (returns [("", "")])\n+ if address == "":\n+ return False\n+\n sub = EMAIL_CUTOFF_RE.match(address)\n if sub is not None:\n # Address contains two newlines (possible spammer relay attack)\ndiff --git a/Products/CMFPlone/tests/testPloneTool.py b/Products/CMFPlone/tests/testPloneTool.py\nindex 683df9e898..f3468dcc84 100644\n--- a/Products/CMFPlone/tests/testPloneTool.py\n+++ b/Products/CMFPlone/tests/testPloneTool.py\n@@ -75,7 +75,6 @@ def testvalidateEmailAddresses(self):\n validInputs = (\n \'user@example.org\',\n \'user@example.org,\\n user2@example.org\',\n- \'user@example.org\\n user2@example.org\', # omitting comma is ok\n \'USER@EXAMPLE.ORG,\\n User2@Example.Org\',\n )\n invalidInputs = (\ndiff --git a/news/4039.bugfix b/news/4039.bugfix\nnew file mode 100644\nindex 0000000000..e9cc73c207\n--- /dev/null\n+++ b/news/4039.bugfix\n@@ -0,0 +1,2 @@\n+Update for strict parsing in `email.utils.getaddresses` newest versions.\n+[petschki]\n'