cpython/Lib/email
R. David Murray d97f5ce377 Merged revisions 87873 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87873 | r.david.murray | 2011-01-08 21:35:24 -0500 (Sat, 08 Jan 2011) | 12 lines

  #5871: protect against header injection attacks.

  This makes Header.encode throw a HeaderParseError if it winds up
  formatting a header such that a continuation line has no leading
  whitespace and looks like a header.  Since Header accepts values
  containing newlines and preserves them (and this is by design), without
  this fix any program that took user input (say, a subject in a web form)
  and passed it to the email package as a header was vulnerable to header
  injection attacks.  (As far as we know this has never been exploited.)

  Thanks to Jakub Wilk for reporting this vulnerability.
........
2011-01-09 03:02:04 +00:00
..
mime
test Merged revisions 87873 via svnmerge from 2011-01-09 03:02:04 +00:00
__init__.py #9085: email versions have gotten out of sync, 2.7 is actually 4.0.3. 2010-06-26 18:39:50 +00:00
_parseaddr.py Merged revisions 85179 via svnmerge from 2010-10-02 16:26:05 +00:00
base64mime.py
charset.py #1379416: encode charset name to ascii to avoid unicode promotion of output 2010-12-27 19:17:17 +00:00
encoders.py
errors.py
feedparser.py Merged revisions 82922 via svnmerge from 2010-07-17 01:35:16 +00:00
generator.py Merged revisions 87415 via svnmerge from 2010-12-21 18:12:50 +00:00
header.py Merged revisions 87873 via svnmerge from 2011-01-09 03:02:04 +00:00
iterators.py
message.py #1078919: document requirement to use triples for non-ascii add_header parms. 2010-12-14 00:29:27 +00:00
parser.py
quoprimime.py Merged revisions 85142 via svnmerge from 2010-10-01 15:48:49 +00:00
utils.py