Re: [Django] #12027: EmailField validation is incorrect, trailing dots fail (was: EmailField validation is incorrect)
Django
-------------------------------------+-------------------------------------
Reporter: Klas H | Owner: nobody
Type: | Status: reopened
Uncategorized | Component: Core (Other)
Milestone: | Severity: Normal
Version: SVN | Keywords: email, regular
Resolution: | expression, validation
Triage Stage: | Has patch: 1
Unreviewed | Needs tests: 0
Needs documentation: 0 | Easy pickings: 0
Patch needs improvement: 0 |
UI/UX: 0 |
-------------------------------------+-------------------------------------
Changes (by Josh C):
* status: closed => reopened
* severity: => Normal
* cc: joshcartme@… (added)
* resolution: invalid =>
* easy: => 0
* ui_ux: => 0
* type: => Uncategorized
Comment:
I'm not convinced this should be closed. Although DNS should correctly
resolve a domain with a trailing dot according to the specification
(documented at the beginning of page 7 here
http://www.ietf.org/rfc/rfc1034.txt) sending emails to addresses that end
with a dot fails at least in my case. For example I tried sending an
email to and from a google apps address of mine using thunderbird. I was
sent back a Delivery Status Notification (Failure).
When trying to use EmailMultiAlternatives with a email address of this
form, m...@domain.com. as an example, msg.send() breaks with the following
error:
SMTPRecipientsRefused: {'m...@domain.com.': (501, '<tedli...@aol.com.>:
domain missing or malformed')}
Here is a quote from RFC 5321 section 2.3.5
(http://tools.ietf.org/html/rfc5321#section-2.3.5):
"A domain name (or often just a "domain") consists of one or more
components, separated by dots if more than one appears."
I think the important word is separated, it does not say terminated
therefore an email address should not be terminated by a dot.
More discussion on that here: http://tech.groups.yahoo.com/group/postfix-
users/message/244166.
At the very least I think this needs to be revisited and properly
discussed. Emails with dots at the end do not send so why should they be
validated by Django?
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
-------------------------------------+-------------------------------------
Reporter: Klas H | Owner: nobody
Milestone: | Component: Core (Other)
Version: SVN | Severity: Normal
Resolution: | Keywords: email, regular
Triage Stage: Accepted | expression, validation
Needs documentation: 0 | Has patch: 1
Patch needs improvement: 0 | Needs tests: 0
UI/UX: 0 | Easy pickings: 0
-------------------------------------+-------------------------------------
Changes (by julien):
* type: Uncategorized => Bug
* stage: Unreviewed => Accepted
Comment:
#16310 was a duplicate. Note that this behaviour was introduced in
changeset [11605], which itself was to fix a security issue where the
email and url validation regular expressions could be exploited in public
form submissions to cause a DOS. Therefore this should be treated very
cautiously.
I haven't done enough research to confirm whether this is a genuine bug or
not. However, this behaviour (i.e. trailing dots) doesn't seem to be
tested at all. So I'm accepting this ticket on the basis that at the very
least it needs some tests.
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:3>
Django
-------------------------------------+-------------------------------------
Reporter: Klas H | Owner: nobody
Type: Bug | Status: reopened
Milestone: | Component: Core (Other)
Version: SVN | Severity: Normal
Resolution: | Keywords: email, regular
Triage Stage: Accepted | expression, validation
Needs documentation: 0 | Has patch: 1
-------------------------------------+-------------------------------------
Changes (by julien):
* needs_tests: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:4>
Django
-------------------------------------+-------------------------------------
Reporter: Klas H | Owner: nobody
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: email, regular | Triage Stage: Ready for
expression, validation | checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by shaz):
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:6>
Django
-------------------------------------+-------------------------------------
Type: Bug | Status: assigned
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: email, regular | Triage Stage: Ready for
expression, validation | checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by shaz):
* status: new => assigned
* owner: nobody => shaz
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:7>
Django
-------------------------------------+-------------------------------------
Reporter: Klas H | Owner: shaz
Type: Bug | Status: assigned
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
expression, validation | Needs documentation: 0
Needs tests: 1 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
* cc: timograham@… (added)
* needs_better_patch: 0 => 1
* stage: Ready for checkin => Accepted
Comment:
Please don't mark your own patch as RFC. It looks like this needs to be
discussed as to whether we want to continue to allow email addresses that
end with periods or not. If so, the test in the latest patch is a bit
awkward (using both unittest.expectedFailure and assertFailsValidation).
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:8>
Django
-------------------------------------+-------------------------------------
Reporter: Klas H | Owner: shaz
Type: Bug | Status: assigned
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: email, regular | Triage Stage: Accepted
expression, validation | Needs documentation: 0
Has patch: 1 | Patch needs improvement: 1
Needs tests: 1 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Comment (by olau):
We just had an SMTP exception from Exim because a user managed to enter
his email address with a trailing dot. Probably he copied it from
somewhere with a period at the end. This echoes what Josh C said, but I
just want to confirm that Django's behaviour in this case caused us a real
problem, so yeah, this is a genuine bug.
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:9>
Django
-------------------------------------+-------------------------------------
Reporter: Klas H | Owner: shaz
Type: Bug | Status: assigned
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: email, regular | Triage Stage: Accepted
expression, validation | Needs documentation: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Changes (by timo):
* needs_better_patch: 1 => 0
* needs_tests: 1 => 0
Comment:
Here's a simple patch that avoids messing with the regex. Perhaps it's
good enough.
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:10>
Django
-------------------------------------+-------------------------------------
Reporter: Klas H | Owner: shaz
Type: Bug | Status: assigned
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: email, regular | Triage Stage: Accepted
expression, validation | Needs documentation: 0
Has patch: 1 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Comment (by timo):
And now a version that modifies the regex. Thanks @claudep
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:11>
Django
-------------------------------------+-------------------------------------
Reporter: Klas H | Owner: shaz
Type: Bug | Status: assigned
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
expression, validation | checkin
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:12>
Django
-------------------------------------+-------------------------------------
Reporter: Klas H | Owner: shaz
Component: Core (Other) | Version: master
Keywords: email, regular | Triage Stage: Ready for
expression, validation | checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"4cfbde71a33973cb8c8da406b2523dfc742358e7"]:
{{{
#!CommitTicketReference repository=""
revision="4cfbde71a33973cb8c8da406b2523dfc742358e7"
Fixed #12027 -- Fixed EmailValidator to reject a trailing dot.
Thanks Klas H for the report and claudep for the patch.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/12027#comment:13>