From dfe495fbe8e360ee3b3cd8b29e55ee19d86fc9d2 Mon Sep 17 00:00:00 2001 From: Honza Král Date: Mon, 12 Oct 2009 10:16:17 +0000 Subject: [soc2009/model-validation] Merged to trunk at r11603 SECURITY ALERT: Corrected regular expressions for URL and email fields. git-svn-id: http://code.djangoproject.com/svn/django/branches/soc2009/model-validation@11617 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/core/validators.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'django/core/validators.py') diff --git a/django/core/validators.py b/django/core/validators.py index 225dd5cba2..4515ca7a4f 100644 --- a/django/core/validators.py +++ b/django/core/validators.py @@ -40,7 +40,7 @@ class RegexValidator(object): class URLValidator(RegexValidator): regex = re.compile( r'^https?://' # http:// or https:// - r'(?:(?:[A-Z0-9]+(?:-*[A-Z0-9]+)*\.)+[A-Z]{2,6}|' #domain... + r'(?:(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?|' #domain... r'localhost|' #localhost... r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' # ...or ip r'(?::\d+)?' # optional port @@ -81,7 +81,7 @@ def validate_integer(value): email_re = re.compile( r"(^[-!#$%&'*+/=?^_`{}|~0-9A-Z]+(\.[-!#$%&'*+/=?^_`{}|~0-9A-Z]+)*" # dot-atom r'|^"([\001-\010\013\014\016-\037!#-\[\]-\177]|\\[\001-011\013\014\016-\177])*"' # quoted-string - r')@(?:[A-Z0-9]+(?:-*[A-Z0-9]+)*\.)+[A-Z]{2,6}$', re.IGNORECASE) # domain + r')@(?:[A-Z0-9](?:[A-Z0-9-]{0,61}[A-Z0-9])?\.)+[A-Z]{2,6}\.?$', re.IGNORECASE) # domain validate_email = RegexValidator(email_re, _(u'Enter a valid e-mail address.'), 'invalid') slug_re = re.compile(r'^[-\w]+$') -- cgit v1.3