p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed #7574 -- Fixed the handling of lazy translation in email headers. 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8083 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Malcolm Tredinnick 2008-07-26 03:37:25 +00:00
parent b149e3d9e7
commit f49c5c23f9
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
django/core/mail.py
View File

@ -71,10 +71,11 @@ class BadHeaderError(ValueError):
def forbid_multi_line_headers(name, val): def forbid_multi_line_headers(name, val):
"""Forbids multi-line headers, to prevent header injection.""" """Forbids multi-line headers, to prevent header injection."""
val = force_unicode(val)
if '\n' in val or '\r' in val: if '\n' in val or '\r' in val:
raise BadHeaderError("Header values can't contain newlines (got %r for header %r)" % (val, name)) raise BadHeaderError("Header values can't contain newlines (got %r for header %r)" % (val, name))
try: try:
val = force_unicode(val).encode('ascii') val = val.encode('ascii')
except UnicodeEncodeError: except UnicodeEncodeError:
if name.lower() in ('to', 'from', 'cc'): if name.lower() in ('to', 'from', 'cc'):
result = [] result = []
@ -84,7 +85,7 @@ def forbid_multi_line_headers(name, val):
result.append(formataddr((nm, str(addr)))) result.append(formataddr((nm, str(addr))))
val = ', '.join(result) val = ', '.join(result)
else: else:
val = Header(force_unicode(val), settings.DEFAULT_CHARSET) val = Header(val, settings.DEFAULT_CHARSET)
return name, val return name, val
class SafeMIMEText(MIMEText): class SafeMIMEText(MIMEText):

9
tests/regressiontests/mail/tests.py
View File

@ -3,6 +3,7 @@ r"""
# Tests for the django.core.mail. # Tests for the django.core.mail.
>>> from django.core.mail import EmailMessage >>> from django.core.mail import EmailMessage
>>> from django.utils.translation import ugettext_lazy
# Test normal ascii character case: # Test normal ascii character case:
@ -36,6 +37,12 @@ r"""
>>> message = email.message() >>> message = email.message()
Traceback (most recent call last): Traceback (most recent call last):
... ...
BadHeaderError: Header values can't contain newlines (got 'Subject\nInjection Test' for header 'Subject') BadHeaderError: Header values can't contain newlines (got u'Subject\nInjection Test' for header 'Subject')
>>> email = EmailMessage(ugettext_lazy('Subject\nInjection Test'), 'Content', 'from@example.com', ['to@example.com'])
>>> message = email.message()
Traceback (most recent call last):
...
BadHeaderError: Header values can't contain newlines (got u'Subject\nInjection Test' for header 'Subject')
""" """