Django

Code

Ticket #1135 (closed: fixed)

Opened 3 years ago

Last modified 3 years ago

Check django.core.mail against SMTP header injection attacks

Reported by: Simon Willison Assigned to: adrian
Milestone: Component: Core framework
Version: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: 0 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 0

Description

James Bennett brought this up here:

http://groups.google.com/group/django-users/browse_thread/thread/aae390deedaebb0c/8655b4032d2775e5

We should make sure that Django's built in email stuff is defended against SMTP header injection attacks, as described here:

http://securephp.damonkohler.com/index.php/Email_Injection

I'm not sure if Python's smtplib protects us here or not.

Attachments

Change History

12/29/05 14:33:57 changed by adrian

  • status changed from new to closed.
  • resolution set to fixed.

(In [1795]) Fixed #1135 -- Changed django.core.mail functions not to allow newlines in headers

Add/Change #1135 (Check django.core.mail against SMTP header injection attacks)




Change Properties
Action