Changeset 8083
- Timestamp:
- 07/25/08 22:37:25 (4 months ago)
- Files:
-
- django/trunk/django/core/mail.py (modified) (2 diffs)
- django/trunk/tests/regressiontests/mail/tests.py (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
django/trunk/django/core/mail.py
r7864 r8083 72 72 def forbid_multi_line_headers(name, val): 73 73 """Forbids multi-line headers, to prevent header injection.""" 74 val = force_unicode(val) 74 75 if '\n' in val or '\r' in val: 75 76 raise BadHeaderError("Header values can't contain newlines (got %r for header %r)" % (val, name)) 76 77 try: 77 val = force_unicode(val).encode('ascii')78 val = val.encode('ascii') 78 79 except UnicodeEncodeError: 79 80 if name.lower() in ('to', 'from', 'cc'): … … 85 86 val = ', '.join(result) 86 87 else: 87 val = Header( force_unicode(val), settings.DEFAULT_CHARSET)88 val = Header(val, settings.DEFAULT_CHARSET) 88 89 return name, val 89 90 django/trunk/tests/regressiontests/mail/tests.py
r7975 r8083 4 4 5 5 >>> from django.core.mail import EmailMessage 6 >>> from django.utils.translation import ugettext_lazy 6 7 7 8 # Test normal ascii character case: … … 37 38 Traceback (most recent call last): 38 39 ... 39 BadHeaderError: Header values can't contain newlines (got 'Subject\nInjection Test' for header 'Subject') 40 BadHeaderError: Header values can't contain newlines (got u'Subject\nInjection Test' for header 'Subject') 41 42 >>> email = EmailMessage(ugettext_lazy('Subject\nInjection Test'), 'Content', 'from@example.com', ['to@example.com']) 43 >>> message = email.message() 44 Traceback (most recent call last): 45 ... 46 BadHeaderError: Header values can't contain newlines (got u'Subject\nInjection Test' for header 'Subject') 40 47 41 48 """
