Fixes Unvalidated Email Succeeding to group addition #4104

Open
wants to merge 10 commits into
base: master
48 changes: 40 additions & 8 deletions Products/CMFPlone/controlpanel/browser/usergroups_groupdetails.py
@@ -2,13 +2,23 @@
from plone.base import PloneMessageFactory as _
from plone.protect import CheckAuthenticator
from Products.CMFCore.utils import getToolByName
from Products.CMFPlone.controlpanel.browser.usergroups import (
UsersGroupsControlPanelView,
)
from Products.CMFPlone.controlpanel.browser.usergroups import UsersGroupsControlPanelView
from Products.CMFPlone.PloneTool import PloneTool
from Products.statusmessages.interfaces import IStatusMessage


class GroupDetailsControlPanel(UsersGroupsControlPanelView):
def extract_invalid_emails(self, emails):
"""Validate a list of email addresses."""
if isinstance(emails, str):
emails = [e.strip() for e in emails.split('\n') if e.strip()]

invalid_emails = []
for email in emails:
if not PloneTool.validateEmailAddresses(email):
invalid_emails.append(email)

return invalid_emails

def get_group_property(self, prop_id):
try:
return self.group.getProperty(prop_id, None)
@@ -40,6 +50,19 @@ def __call__(self):
title = self.request.form.get("title", None)
description = self.request.form.get("description", None)
addname = self.request.form.get("addname", None)

# Get email field(s) from the form
emails = self.request.form.get("email", "")

# Validate emails before proceeding
invalid_emails = self.validate_group_emails(emails)
if invalid_emails:
msg = _(
"Invalid email address(es): ${emails}. Please correct them before proceeding.",
mapping={"emails": ", ".join(invalid_emails)},
)
IStatusMessage(self.request).add(msg, "error")
return self.index()

if addname:
if not self.regtool.isMemberIdAllowed(addname):
@@ -84,11 +107,20 @@ def __call__(self):

processed = {}
for id, property in self.gdtool.propertyItems():
processed[id] = self.request.get(id, None)
value = self.request.get(id, None)
# Additional validation for email properties
if id.lower().endswith('email') and value:
invalid_emails = self.validate_group_emails(value)
if invalid_emails:
msg = _(
"Invalid email address(es) in ${field}: ${emails}",
mapping={"field": id, "emails": ", ".join(invalid_emails)},
)
IStatusMessage(self.request).add(msg, "error")
return self.index()
processed[id] = value

if self.group:
# for what reason ever, the very first group created does not
# exist
self.group.setGroupProperties(processed)

IStatusMessage(self.request).add(msg, type=self.group and "info" or "error")
@@ -99,4 +131,4 @@ def __call__(self):
self.request.response.redirect(target_url)
return ""

return self.index()
return self.index()
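Review bot: Both new call sites in `__call__` invoke `self.validate_group_emails(...)`, but the helper added at the top of the class is named `extract_invalid_emails`, so as shown the handler would raise AttributeError instead of rejecting a bad address; the two names need to match. Inside the helper, `PloneTool.validateEmailAddresses(email)` is called on the class rather than on a tool instance, so `email` is bound as `self` and the call fails for a missing argument. The file already imports `getToolByName`, so something like `getToolByName(self, "plone_utils").validateSingleEmailAddress(email)` would check one address per iteration. In the property loop the early `return self.index()` appears to run after the `addname` branch, so a group may already exist when the error is shown; this needs confirming because `__call__` extends beyond the visible hunks. A test that submits an invalid address and asserts no group properties are written would show the validation is actually reached.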
1 change: 1 addition & 0 deletions news/933.bugfix
@@ -0,0 +1 @@
fixes unvalidated email field succeeding in group addition @rohnsha0