From b125cafbfc715f808b8af6125a1c1dddc7079963 Mon Sep 17 00:00:00 2001 From: Adrian Holovaty Date: Thu, 12 Jan 2006 03:02:19 +0000 Subject: [PATCH] Added more explanation to docs/email.txt 'Preventing header injection' section. git-svn-id: http://code.djangoproject.com/svn/django/trunk@1923 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/email.txt | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/email.txt b/docs/email.txt index e43a29da304..ba2adf8201f 100644 --- a/docs/email.txt +++ b/docs/email.txt @@ -124,10 +124,14 @@ scripts generate. The Django e-mail functions outlined above all protect against header injection by forbidding newlines in header values. If any ``subject``, ``from_email`` or -``recipient_list`` contains a newline, the e-mail function (e.g. -``send_mail()``) will raise ``django.core.mail.BadHeaderError`` (a subclass of -``ValueError``) and, hence, will not send the e-mail. It's your responsibility -to validate all data before passing it to the e-mail functions. +``recipient_list`` contains a newline (in either Unix, Windows or Mac style), +the e-mail function (e.g. ``send_mail()``) will raise +``django.core.mail.BadHeaderError`` (a subclass of ``ValueError``) and, hence, +will not send the e-mail. It's your responsibility to validate all data before +passing it to the e-mail functions. + +If a ``message`` contains headers at the start of the string, the headers will +simply be printed as the first bit of the e-mail message. Here's an example view that takes a ``subject``, ``message`` and ``from_email`` from the request's POST data, sends that to admin@example.com and redirects to
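Review bot: In the added parenthetical "(in either Unix, Windows or Mac style)", "either" is used with three alternatives and the styles are never spelled out. Suggest naming the characters instead, for example "contains a newline (``\n``, ``\r\n`` or ``\r``)", so that a reader validating input knows a bare carriage return is rejected as well. The new closing paragraph about ``message`` would also be clearer if it gave the reason: the body is not a header value, so header-like lines at its start are sent as ordinary body text rather than raising ``BadHeaderError``. "The first bit of the e-mail message" could read "the start of the message body".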