Commit Graph

374 Commits

Author SHA1 Message Date
R. David Murray d97f5ce377 Merged revisions 87873 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87873 | r.david.murray | 2011-01-08 21:35:24 -0500 (Sat, 08 Jan 2011) | 12 lines

  #5871: protect against header injection attacks.

  This makes Header.encode throw a HeaderParseError if it winds up
  formatting a header such that a continuation line has no leading
  whitespace and looks like a header.  Since Header accepts values
  containing newlines and preserves them (and this is by design), without
  this fix any program that took user input (say, a subject in a web form)
  and passed it to the email package as a header was vulnerable to header
  injection attacks.  (As far as we know this has never been exploited.)

  Thanks to Jakub Wilk for reporting this vulnerability.
........
2011-01-09 03:02:04 +00:00
R. David Murray 5360d003b6 #1379416: encode charset name to ascii to avoid unicode promotion of output 2010-12-27 19:17:17 +00:00
R. David Murray a993b2d5de Merged revisions 87415 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87415 | r.david.murray | 2010-12-21 13:07:59 -0500 (Tue, 21 Dec 2010) | 4 lines

  Fix the change made for issue 1243654.

  Surprisingly, it turns out there was no test that exercised this code path.
........
2010-12-21 18:12:50 +00:00
R. David Murray a9aa34c7cd #1078919: document requirement to use triples for non-ascii add_header parms. 2010-12-14 00:29:27 +00:00
R. David Murray 910c52fcf4 Merged revisions 87191 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87191 | r.david.murray | 2010-12-12 15:06:19 -0500 (Sun, 12 Dec 2010) | 6 lines

  #243654: only create a new MIME boundary if we don't already have one.

  The rearranged code should do exactly what the old code did, but
  the new code avoids a potentially costly re computation in the case
  where a boundary already exists.
........
2010-12-12 20:32:19 +00:00
R. David Murray 82e7aaee56 Merged revisions 85146 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r85146 | r.david.murray | 2010-10-01 16:38:33 -0400 (Fri, 01 Oct 2010) | 3 lines

  Fix docstring typo.
........
2010-12-06 18:48:31 +00:00
R. David Murray 13219a3e9b Merged revisions 85130 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r85130 | r.david.murray | 2010-09-30 22:08:02 -0400 (Thu, 30 Sep 2010) | 2 lines

  Fix a couple spelling errors in comments and delete redundant __len__ def.
........
2010-12-06 18:45:46 +00:00
Ezio Melotti 2623a37852 Merged revisions 86596 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r86596 | ezio.melotti | 2010-11-20 21:04:17 +0200 (Sat, 20 Nov 2010) | 1 line

  #9424: Replace deprecated assert* methods in the Python test suite.
........
2010-11-21 13:34:58 +00:00
R. David Murray 10a8676691 Merged revisions 85179 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r85179 | r.david.murray | 2010-10-02 11:58:26 -0400 (Sat, 02 Oct 2010) | 6 lines

  #1050268: make parseaddr 'quote' the contents of quoted strings in addresses.

  Also made the doc string for email._parseaddr's 'quote' function more
  accurate; I'd love to make the function match the old docstring instead,
  but other code uses it according the existing semantics.
........
2010-10-02 16:26:05 +00:00
R. David Murray 20ad3634af Merged revisions 85142 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r85142 | r.david.murray | 2010-10-01 11:40:20 -0400 (Fri, 01 Oct 2010) | 5 lines

  #10004: in Q encoded word ignore '=xx' when xx is not valid hex.

  Bug report and fix by Thomas Guettler.
........
2010-10-01 15:48:49 +00:00
R. David Murray 7c4bf55ffd Merged revisions 84310 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r84310 | r.david.murray | 2010-08-24 20:45:55 -0400 (Tue, 24 Aug 2010) | 8 lines

  #1194222: make parsedate always return RFC2822 four character years.

  Two character years are now converted to four character years using
  the Posix standard rule (<68 == 2000, >=68==1900).  This makes the
  parsed date RFC2822 compliant even if the input is not.

  Patch and test by Jeffrey Finkelstein.
........
2010-08-25 01:45:57 +00:00
R. David Murray 75a292e5be Merged revisions 83690 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r83690 | r.david.murray | 2010-08-03 18:14:10 -0400 (Tue, 03 Aug 2010) | 10 lines

  #3196: if needed pad a short base64 encoded word before trying to decode.

  The RFCs encourage following Postel's law: be liberal in what you accept.
  So if someone forgot to pad the base64 encoded word payload to an
  even four bytes, we add the padding before handing it to base64mime.decode.
  Previously, missing padding resulted in a HeaderParseError.

  Patch by Jason Williams.
........
2010-08-04 00:05:50 +00:00
R. David Murray 05b7631c17 Merged revisions 82922 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r82922 | r.david.murray | 2010-07-16 21:19:57 -0400 (Fri, 16 Jul 2010) | 4 lines

  #1555570: correctly handle a \r\n that is split by the read buffer.

  Patch and test by Tony Nelson.
........
2010-07-17 01:35:16 +00:00
R. David Murray 62a14db9f4 #9085: email versions have gotten out of sync, 2.7 is actually 4.0.3.
In 2.5 the email version was bumped to 4.0.2 just before release but
after the maintenance branch was set up.  The bump was not backported
to trunk, and 2.6 went out the door with a version number of 4.0.1.
I bumped this to 4.0.2 because of a behavior change, but that makes
it look the same as 2.5.  So bump it again to 4.0.3.
2010-06-26 18:39:50 +00:00
R. David Murray e7e505ba6e #4487: have Charset check with codecs for possible aliases.
Previously, unexpected results occurred when email was passed, for example,
'utf8' as a charset name, since email would accept it but would *not* use
the 'utf-8' codec for it, even though Python itself recognises that as
an alias for utf-8.  Now Charset checks with codecs for aliases as well
as its own internal table.  Issue 8898 has been opened to change this
further in py3k so that all aliasing is routed through the codecs module.
2010-06-04 19:51:06 +00:00
R. David Murray 61746d580e #5610: use \Z not $ so we don't eat extra chars when body part ends with \r\n.
If a body part ended with \r\n, feedparser, using '$' to terminate its
search for the newline, would match on the \r\n, and think that it needed
to strip two characters in order to account for the line end before the
boundary.  That made it chop one too many characters off the end of
the body part.  Using \Z makes the match correct.

Patch and test by Tony Nelson.
2010-06-03 15:43:20 +00:00
R. David Murray 52dcd45906 #1368247: make set_charset/MIMEText automatically encode unicode _payload.
Fixes (mysterious, to the end user) UnicodeErrors when using utf-8 as
the charset and unicode as the _text argument.  Also makes the way in
which unicode gets encoded to quoted printable for other charsets more
sane (it only worked by accident previously).  The _payload now is encoded
to the charset.output_charset if it is unicode.
2010-06-02 22:03:15 +00:00
R. David Murray 7d93221a5c Issue #7472: remove unused code from email.encoders.encode_7or8bit.
Yukihiro Nakadaira noticed a typo in encode_7or8bit that was trying
to special case iso-2022 codecs.  It turns out that the code in
question is never used, because whereas it was designed to trigger
if the payload encoding was eight bit but its output encoding was
7 bit, in practice the payload is always converted to the 7bit
encoding before encode_7or8bit is called.  Patch by Shawat Anand.
2010-05-05 17:31:03 +00:00
Barry Warsaw 43ad706ef4 Bug 7755: audiotest.au is arguably copyrighted material, but definitely makes
Debian unhappy.  The actual contents of the audio clip are unimportant, so
replace it with something that we know is okay.  Guido likes woodpeckers.
2010-05-05 16:15:09 +00:00
Ezio Melotti 19c06739c5 Rephrase comment. 2010-04-22 11:53:21 +00:00
Ezio Melotti 23196a564b #8474: fix duplicate test in test_email. 2010-04-22 11:23:31 +00:00
R. David Murray 661303f27e Issue #5277: Fix quote counting when parsing RFC 2231 encoded parameters. 2010-04-13 20:57:40 +00:00
R. David Murray 27ef93797c Issue #7472: ISO-2022 charsets now consistently use 7bit CTE.
Fixed a typo in the email.encoders module so that messages output using
an ISO-2022 character set will use a content-transfer-encoding of
7bit consistently.  Previously if the input data had any eight bit
characters the output data would get marked as 8bit even though it
was actually 7bit.
2010-04-12 14:26:06 +00:00
R. David Murray 4617e5085a Issue #7143: get_payload used to strip any trailing newline from a
base64 transfer-encoded payload *after* decoding it; it no longer does.
email had a special method in utils, _bdecode, specifically to do this,
so it must have served a purpose at some point, yet it is clearly wrong
per RFC.  Fixed with Barry's approval, but no backport.  Email package
minor version number is bumped, now version 4.0.1.

Patch by Joaquin Cuenca Abela.
2010-03-08 02:04:06 +00:00
R. David Murray 51f1204590 Issue 7970: When email.Parser.Parser parses a MIME message of type
message/rfc822 it turns it into an object whose body consists of
a list containing a single Message object.  HeaderParser, on the
other hand, just copies the body as a string.  Generator.flatten
has a special handler for the message mime type that expected the
body to be the one item list.  This fails if the message was parsed
by HeaderParser.  So we now check to see if the body is a string
first, and if so just we just emit it.
2010-02-21 04:23:00 +00:00
Georg Brandl 7e1902bced Add missing import when running these tests standalone. 2010-02-06 23:54:04 +00:00
Ezio Melotti dde5b94875 #7092: Silence more py3k warnings. Patch by Florent Xicluna. 2010-02-03 05:37:26 +00:00
R. David Murray c755dba906 Fix issue number in comment. 2010-01-16 16:08:32 +00:00
R. David Murray ed44dfa4c7 Issue #1670765: Prevent email.generator.Generator from re-wrapping
headers in multipart/signed MIME parts, which fixes one of the sources of
invalid modifications to such parts by Generator.  Patch and tests by
Martin von Gagern.
2010-01-16 05:15:17 +00:00
Antoine Pitrou af45b11527 Kill a couple of "<>" 2010-01-04 23:28:16 +00:00
Georg Brandl 8cdc9bc901 More yearly updates. 2010-01-01 13:07:05 +00:00
Barry Warsaw 0d9f61a543 Add mktime_tz to __all__. It's documented as being available in email.utils. 2009-11-25 18:38:32 +00:00
Benjamin Peterson 6e3dbbdf39 replace has_key with 'in' operator 2009-10-09 22:15:50 +00:00
R. David Murray 0c8bee6393 Issue #7082: When falling back to the MIME 'name' parameter, the
correct place to look for it is the Content-Type header.

Patch by Darren Worrall.
2009-10-09 21:50:54 +00:00
Amaury Forgeot d'Arc 74b8d333b7 #2622 Import errors in email.message, from a py2app standalone application.
Patch by Mads Kiilerich, Reviewed by Barry Warsaw.
2009-07-11 14:33:51 +00:00
Benjamin Peterson 5c8da86f3a convert usage of fail* to assert* 2009-06-30 22:57:08 +00:00
Georg Brandl a4c622972a Remove stray pychecker directive. 2009-06-28 12:10:18 +00:00
Barry Warsaw dbf95a3643 A fix for issue 1974, inspired by the patch from Andi Albrecht (aalbrecht),
though with some changes by me.  This patch should not be back ported or
forward ported.  It's a bit too risky for 2.6 and 3.x does things fairly
differently.
2009-03-30 22:42:17 +00:00
Benjamin Peterson 33cd7ef867 fix import 2009-03-30 02:14:21 +00:00
Benjamin Peterson 04232973b7 update email tests to use SkipTest 2009-03-26 21:40:29 +00:00
Mark Dickinson 3e4caeb3bf Issue #5341: Fix a variety of spelling errors. 2009-02-21 20:27:01 +00:00
Antoine Pitrou b90a8be96f #2676: email/message.py [Message.get_content_type]: Trivial regex hangs on pathological input 2008-08-15 21:03:21 +00:00
Brett Cannon 8161498817 Remove a dict.has_key() usage in email._parseaddr found while running -3. 2008-08-03 23:40:13 +00:00
Brett Cannon 1f571c6e60 Remove Barry's love of deprecated syntax to silence warnings in the email
package, when run under -3, about using <>.
2008-08-03 23:27:32 +00:00
Martin v. Löwis 3a4414855c Revert eol-style to CRLF. 2008-06-14 00:41:41 +00:00
Martin v. Löwis 06510b2213 Run svneol.py on all sources. 2008-06-13 22:38:33 +00:00
Christian Heimes c5f05e45cf Patch #2167 from calvin: Remove unused imports 2008-02-23 17:40:11 +00:00
Facundo Batista 2b1b195d39 Fix issue #1822: MIMEMultipart.is_multipart() behaves correctly for a
just-created (and empty) instance.  Added tests for this. Thanks
Jonathan Share.
2008-01-19 12:32:27 +00:00
Barry Warsaw 81a06d4260 In response to this SF bug:
[ 1752723 ] email.message_from_string: initial line gets discarded

I added a test to assert that when the first line of text passed to
message_from_string() contains a leading space, the message ends up with the
appropriate FirstHeaderLineIsContinuationDefect on its defects list.

The bug is invalid.
2007-07-13 22:12:58 +00:00
Barry Warsaw dcd24ae501 SF bug #1582282; decode_header() incorrectly splits not-conformant RFC
2047-like headers where there is no whitespace between encoded words.  This
fix changes the matching regexp to include a trailing lookahead assertion that
the closing ?= must be followed by whitespace, newline, or end-of-string.
This also changes the regexp to add the MULTILINE flag.
2007-03-14 04:59:50 +00:00