mirror of https://github.com/django/django.git
Fixed #20889 -- Prevented email.Header from inserting newlines
Passed large maxlinelen to email.Header to prevent newlines from being inserted into value returned by _convert_to_charset Thanks mjl at laubach.at for the report.
This commit is contained in:
parent
aeed2cf3b2
commit
6dca603abb
|
@ -2,6 +2,7 @@ from __future__ import unicode_literals
|
|||
|
||||
import datetime
|
||||
import time
|
||||
import sys
|
||||
from email.header import Header
|
||||
try:
|
||||
from urllib.parse import urlparse
|
||||
|
@ -160,7 +161,7 @@ class HttpResponseBase(six.Iterator):
|
|||
except UnicodeError as e:
|
||||
if mime_encode:
|
||||
# Wrapping in str() is a workaround for #12422 under Python 2.
|
||||
value = str(Header(value, 'utf-8').encode())
|
||||
value = str(Header(value, 'utf-8', maxlinelen=sys.maxsize).encode())
|
||||
else:
|
||||
e.reason += ', HTTP response headers must be in %s format' % charset
|
||||
raise
|
||||
|
|
|
@ -290,6 +290,13 @@ class HttpResponseTests(unittest.TestCase):
|
|||
self.assertRaises(UnicodeError, r.__setitem__, 'føø', 'bar')
|
||||
self.assertRaises(UnicodeError, r.__setitem__, 'føø'.encode('utf-8'), 'bar')
|
||||
|
||||
def test_long_line(self):
|
||||
# Bug #20889: long lines trigger newlines to be added to headers
|
||||
# (which is not allowed due to bug #10188)
|
||||
h = HttpResponse()
|
||||
f = 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz a\xcc\x88'.encode('latin-1')
|
||||
f = f.decode('utf-8')
|
||||
h['Content-Disposition'] = u'attachment; filename="%s"' % f
|
||||
|
||||
def test_newlines_in_headers(self):
|
||||
# Bug #10188: Do not allow newlines in headers (CR or LF)
|
||||
|
|
Loading…
Reference in New Issue