From 6dca603abb0eb164ba87657caf5cc65bca449719 Mon Sep 17 00:00:00 2001 From: Daniel Boeve Date: Fri, 6 Sep 2013 18:47:08 +0000 Subject: [PATCH] Fixed #20889 -- Prevented email.Header from inserting newlines Passed large maxlinelen to email.Header to prevent newlines from being inserted into value returned by _convert_to_charset Thanks mjl at laubach.at for the report. --- django/http/response.py | 3 ++- tests/httpwrappers/tests.py | 7 +++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/django/http/response.py b/django/http/response.py index 822589fe81..5cdedeca49 100644 --- a/django/http/response.py +++ b/django/http/response.py @@ -2,6 +2,7 @@ from __future__ import unicode_literals import datetime import time +import sys from email.header import Header try: from urllib.parse import urlparse @@ -160,7 +161,7 @@ class HttpResponseBase(six.Iterator): except UnicodeError as e: if mime_encode: # Wrapping in str() is a workaround for #12422 under Python 2. - value = str(Header(value, 'utf-8').encode()) + value = str(Header(value, 'utf-8', maxlinelen=sys.maxsize).encode()) else: e.reason += ', HTTP response headers must be in %s format' % charset raise diff --git a/tests/httpwrappers/tests.py b/tests/httpwrappers/tests.py index 356818d2ef..0d9611ef0e 100644 --- a/tests/httpwrappers/tests.py +++ b/tests/httpwrappers/tests.py @@ -290,6 +290,13 @@ class HttpResponseTests(unittest.TestCase): self.assertRaises(UnicodeError, r.__setitem__, 'føø', 'bar') self.assertRaises(UnicodeError, r.__setitem__, 'føø'.encode('utf-8'), 'bar') + def test_long_line(self): + # Bug #20889: long lines trigger newlines to be added to headers + # (which is not allowed due to bug #10188) + h = HttpResponse() + f = 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz a\xcc\x88'.encode('latin-1') + f = f.decode('utf-8') + h['Content-Disposition'] = u'attachment; filename="%s"' % f def test_newlines_in_headers(self): # Bug #10188: Do not allow newlines in headers (CR or LF)