From f49c5c23f96f11a993036fa10c81b4287327d7ec Mon Sep 17 00:00:00 2001 From: Malcolm Tredinnick Date: Sat, 26 Jul 2008 03:37:25 +0000 Subject: [PATCH] Fixed #7574 -- Fixed the handling of lazy translation in email headers. git-svn-id: http://code.djangoproject.com/svn/django/trunk@8083 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- django/core/mail.py | 5 +++-- tests/regressiontests/mail/tests.py | 9 ++++++++- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/django/core/mail.py b/django/core/mail.py index b60757366f..78a1ec6192 100644 --- a/django/core/mail.py +++ b/django/core/mail.py @@ -71,10 +71,11 @@ class BadHeaderError(ValueError): def forbid_multi_line_headers(name, val): """Forbids multi-line headers, to prevent header injection.""" + val = force_unicode(val) if '\n' in val or '\r' in val: raise BadHeaderError("Header values can't contain newlines (got %r for header %r)" % (val, name)) try: - val = force_unicode(val).encode('ascii') + val = val.encode('ascii') except UnicodeEncodeError: if name.lower() in ('to', 'from', 'cc'): result = [] @@ -84,7 +85,7 @@ def forbid_multi_line_headers(name, val): result.append(formataddr((nm, str(addr)))) val = ', '.join(result) else: - val = Header(force_unicode(val), settings.DEFAULT_CHARSET) + val = Header(val, settings.DEFAULT_CHARSET) return name, val class SafeMIMEText(MIMEText): diff --git a/tests/regressiontests/mail/tests.py b/tests/regressiontests/mail/tests.py index 9d2e2abe96..be59234342 100644 --- a/tests/regressiontests/mail/tests.py +++ b/tests/regressiontests/mail/tests.py @@ -3,6 +3,7 @@ r""" # Tests for the django.core.mail. >>> from django.core.mail import EmailMessage +>>> from django.utils.translation import ugettext_lazy # Test normal ascii character case: @@ -36,6 +37,12 @@ r""" >>> message = email.message() Traceback (most recent call last): ... -BadHeaderError: Header values can't contain newlines (got 'Subject\nInjection Test' for header 'Subject') +BadHeaderError: Header values can't contain newlines (got u'Subject\nInjection Test' for header 'Subject') + +>>> email = EmailMessage(ugettext_lazy('Subject\nInjection Test'), 'Content', 'from@example.com', ['to@example.com']) +>>> message = email.message() +Traceback (most recent call last): + ... +BadHeaderError: Header values can't contain newlines (got u'Subject\nInjection Test' for header 'Subject') """