cpython/Lib/email
R. David Murray 389af00371 Merged revisions 87873 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87873 | r.david.murray | 2011-01-08 21:35:24 -0500 (Sat, 08 Jan 2011) | 12 lines

  #5871: protect against header injection attacks.

  This makes Header.encode throw a HeaderParseError if it winds up
  formatting a header such that a continuation line has no leading
  whitespace and looks like a header.  Since Header accepts values
  containing newlines and preserves them (and this is by design), without
  this fix any program that took user input (say, a subject in a web form)
  and passed it to the email package as a header was vulnerable to header
  injection attacks.  (As far as we know this has never been exploited.)

  Thanks to Jakub Wilk for reporting this vulnerability.
........
2011-01-09 02:48:04 +00:00
..
mime Merged revisions 73623-73624 via svnmerge from 2009-06-28 17:35:48 +00:00
test Merged revisions 87873 via svnmerge from 2011-01-09 02:48:04 +00:00
__init__.py
_parseaddr.py Merged revisions 85179 via svnmerge from 2010-10-02 16:04:44 +00:00
base64mime.py Remove nonexisting stuff from __all__. 2009-06-04 09:37:16 +00:00
charset.py Merged revisions 81660 via svnmerge from 2010-06-03 02:05:47 +00:00
encoders.py Merged revisions 81685 via svnmerge from 2010-06-04 16:15:34 +00:00
errors.py
feedparser.py Merged revisions 82922 via svnmerge from 2010-07-17 01:28:04 +00:00
generator.py Merged revisions 87415 via svnmerge from 2010-12-21 18:11:01 +00:00
header.py Merged revisions 87873 via svnmerge from 2011-01-09 02:48:04 +00:00
iterators.py
message.py Merged revisions 87217 via svnmerge from 2010-12-13 23:57:01 +00:00
parser.py Patch for issue 2848, mostly by Humberto Diogenes, with a couple of 2008-06-12 04:06:45 +00:00
quoprimime.py Merged revisions 85142 via svnmerge from 2010-10-01 15:45:48 +00:00
utils.py Merged revisions 77389 via svnmerge from 2010-01-09 18:48:46 +00:00