authorGunnar Wrobel <wrobel@gentoo.org>2006-02-07 09:40:40 +0000
committerGunnar Wrobel <wrobel@gentoo.org>2006-02-07 09:40:40 +0000
commit27a3ea491548d372a456f2e9e0520cd9403946c2 (patch)
tree1e5230e99a083d7fe3809f033a1cfca83f477fe3 /www-apps
parentUpdated digest (diff)
Moved customization from old contact.py over
svn path=/stable/; revision=657
Diffstat (limited to 'www-apps')
-rw-r--r--www-apps/pyblosxom-plugins/files/contact.py163
1 files changed, 135 insertions, 28 deletions
diff --git a/www-apps/pyblosxom-plugins/files/contact.py b/www-apps/pyblosxom-plugins/files/contact.py
index 993fe5c..d2f902d 100644
--- a/www-apps/pyblosxom-plugins/files/contact.py
+++ b/www-apps/pyblosxom-plugins/files/contact.py
@@ -31,7 +31,7 @@ __license__ = "GPL 2+"
# Python imports
-
+import urlparse
# Pyblosxom imports
from Pyblosxom.renderers.blosxom import Renderer
@@ -46,39 +46,142 @@ MESSAGE_KEY = "contact_error_message"
_form_fields = ['name', 'email', 'subject', 'message']
_default_template = """
-<style type="text/css">
-<!--
-#contactForm label {
- float: left;
- width: 25%;
- padding-top: 3px;
- margin-bottom: 5px;
- }
-#contactForm input, textarea {
- width: 70%;
- margin-right: 10px;
- margin-bottom: 5px;
- }
--->
-</style>
<div>
-<h3>Contact me</h3>
+<h2>Contact me</h2>
<div style="display:block;">$contact_error_message</div>
<form name="contactForm" id="contactForm" method="post" action="$base_url$contact_urltrigger">
-<label for="name" title="Your name">Name</label>
-<input type="text" name="name" id="name" value="$contact_name" /><br />
-<label for="email" title="Your email address">Email</label>
-<input type="text" name="email" id="email" value="$contact_email" /><br />
-<label for="subject" title="Subject of your message">Subject</label>
-<input type="text" name="subject" id="subject" value="$contact_subject" /><br />
-<label for="message" title="Your message">Message</label>
-<textarea name="message" id="message" style="height:150px;">$contact_message</textarea><br />
-<input type="submit" value="Send" style="width:auto; margin-right:0;" />
-<input type="reset" value="Reset" style="width:auto; margin-right:0;" />
+<div class="contactLine">
+ <div class="contactLabel">
+ <label class="contactLine" for="name" title="Your name">Name</label>
+ </div>
+ <input type="text" name="name" id="name" value="$contact_name" /><br />
+</div>
+<div class="contactLine">
+ <div class="contactLabel">
+ <label class="contactLine" for="email" title="Your email address">Email</label>
+ </div>
+ <input type="text" name="email" id="email" value="$contact_email" /><br />
+</div>
+<div class="contactLine">
+ <div class="contactLabel">
+ <label class="contactLine" for="subject" title="Subject of your message">Subject</label>
+ </div>
+ <input class="contactLine" type="text" name="subject" id="subject" value="$contact_subject" /><br />
+</div>
+<div class="contactText">
+ <div class="contactLabel">
+ <label class="contactText" for="message" title="Your message">Message</label>
+ </div>
+ <textarea name="message" id="message" style="height:150px;">$contact_message</textarea><br />
+</div>
+<div class="contactSubmit">
+ <div class="contactButton">
+ <input class="contactSubmit" type="submit" value="Send" style="width:auto; margin-right:0;" />
+ </div>
+ <div class="contactButton">
+ <input class="contactSubmit" type="reset" value="Reset" style="width:auto; margin-right:0;" />
+ </div>
+</div>
</form>
</div>
"""
+################################################################################
+##
+## Helper functions
+##
+################################################################################
+
+rfc822_specials = '()<>@,;:\\"[]'
+
+def isAddressValid(addr):
+ '''
+ Taken from
+
+ http://www.secureprogramming.com/?action=view&feature=recipes&recipeid=1
+
+ Posted by Matt Messier on Tue, Sep 02, 2003 (06:19 PM) GMT
+
+ >>> isAddressValid('djfhdfh')
+ 0
+ >>> isAddressValid('djfhdfh@test.com')
+ 8
+ >>> isAddressValid('dj@fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj\@fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj"@"fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj" "fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj\" \"fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj." ".fhdfh@test.com')
+ 13
+ >>> isAddressValid('dj."@ ".fhdfh@test.com')
+ 14
+ >>> isAddressValid('dj."@<> ".fhdfh@test.com')
+ 16
+ >>> isAddressValid('dj."@<>ü ".fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj<>fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj\<\>fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj\ fhdfh@test.com')
+ 0
+ >>> isAddressValid('dj\\ fhdfh@test.com')
+ 0
+ >>> isAddressValid('djfhdfh@test.com.de')
+ 8
+ >>> isAddressValid('djfhdfh@test.co<m.de')
+ 0
+ '''
+ # Ported from Recipe 3.9 in Secure Programming Cookbook for C and C++ by
+ # John Viega and Matt Messier (O'Reilly 2003)
+
+ # First we validate the name portion (name@domain)
+ c = 0
+ while c < len(addr):
+ if addr[c] == '"' and (not c or addr[c - 1] == '.' or addr[c - 1] == '"'):
+ c = c + 1
+ while c < len(addr):
+ if addr[c] == '"':
+ c = c + 1
+ break
+ if addr[c] == '\\' and addr[c + 1] == ' ':
+ c = c + 2
+ continue
+ if ord(addr[c]) < 32 or ord(addr[c]) >= 127: return 0
+ c = c + 1
+ else: return 0
+ if addr[c] == '@': break
+ if addr[c] != '.': return 0
+ c = c + 1
+ continue
+ if addr[c] == '@': break
+ if ord(addr[c]) <= 32 or ord(addr[c]) >= 127: return 0
+ if addr[c] in rfc822_specials: return 0
+ c = c + 1
+ if not c or addr[c - 1] == '.': return 0
+
+ # Next we validate the domain portion (name@domain)
+ domain = c = c + 1
+ if domain >= len(addr): return 0
+ count = 0
+ while c < len(addr):
+ if addr[c] == '.':
+ if c == domain or addr[c - 1] == '.': return 0
+ count = count + 1
+ if ord(addr[c]) <= 32 or ord(addr[c]) >= 127: return 0
+ if addr[c] in rfc822_specials: return 0
+ c = c + 1
+
+ ## The final return statement was modified to return the split point
+ ## (position of @) so that the email can split in its two subsections.
+ if count >= 1:
+ return domain
+
def verify_installation(request):
config = request.getConfiguration()
retval = 1
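Review bot: In `isAddressValid` the quoted-string branch reads `addr[c + 1]` without a bounds check, so an address whose quoted local part ends in a backslash (constructed example: a double quote followed by a single backslash) raises IndexError instead of returning 0. The value comes straight from the submitted form, so malformed input becomes an unhandled exception rather than a validation error. Guard the lookahead with `if addr[c] == '\\' and c + 1 < len(addr) and addr[c + 1] == ' ':`. The function also falls off the end and returns None when the domain has no dot; an explicit `return 0` after the `if count >= 1:` block would match the integer results the doctests show.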
@@ -167,7 +270,7 @@ def _handle_post(request):
error_messages = []
if not 'HTTP_REFERER' in http or \
- not http['HTTP_REFERER'].startswith(config['base_url']):
+ not http['HTTP_REFERER'].startswith('://'.join(urlparse.urlsplit(config['base_url'])[0:1])):
data[MESSAGE_KEY] = "Posting from foreign hosts not allowed.<br />\nUse the form below to send your message."
return
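Review bot: The slice `[0:1]` on the new Referer line keeps only the scheme from `urlsplit`, so the joined prefix is just the scheme (e.g. `http`) and the `startswith` test passes for a referer on any host. The "foreign hosts" check therefore no longer restricts the origin at all. Scheme plus host needs `[0:2]`, and a trailing slash stops a longer hostname that shares the prefix from matching: `'://'.join(urlparse.urlsplit(config['base_url'])[0:2]) + '/'`. Referer is client-supplied, so even the corrected check is a spam speed bump and not proof of origin. `_handle_post` begins and ends outside the hunk.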
@@ -181,6 +284,10 @@ def _handle_post(request):
parser.feed(form[field].value)
email[field] = parser.gettext()
+ if 'email' in email.keys() and not isAddressValid(email['email']):
+ error = True
+ error_messages.append("Invalid email address '%s'. Cannot deliver your message!" % email['email'])
+
if error:
data[MESSAGE_KEY] = "<br />\n".join(error_messages)
_remember_email(email, data)
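Review bot: The new error message interpolates the rejected address into `data[MESSAGE_KEY]`, which the template prints as `$contact_error_message` inside HTML. An address that fails validation can contain `<`, `>` or `"`, and whether `parser.gettext()` escapes them is not visible in this hunk. If it does not, escape before formatting, e.g. `% cgi.escape(email['email'], 1)` (needs `import cgi` if the file lacks it), or leave the address out of the message. As a minor style point, `'email' in email` does the same as `'email' in email.keys()` without building a list. `_handle_post` continues outside the hunk.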