Mirror
/
cpython
mirror of https://github.com/python/cpython
4
1
Fork 0
Code Issues Releases Wiki Activity
cpython/Lib/email
History
R. David Murray d97f5ce377 Merged revisions 87873 via svnmerge from 
svn+ssh://pythondev@svn.python.org/python/branches/py3k

........
  r87873 | r.david.murray | 2011-01-08 21:35:24 -0500 (Sat, 08 Jan 2011) | 12 lines

  #5871: protect against header injection attacks.

  This makes Header.encode throw a HeaderParseError if it winds up
  formatting a header such that a continuation line has no leading
  whitespace and looks like a header.  Since Header accepts values
  containing newlines and preserves them (and this is by design), without
  this fix any program that took user input (say, a subject in a web form)
  and passed it to the email package as a header was vulnerable to header
  injection attacks.  (As far as we know this has never been exploited.)

  Thanks to Jakub Wilk for reporting this vulnerability.
........
 		2011-01-09 03:02:04 +00:00
..
mime Remove stray pychecker directive. 2009-06-28 12:10:18 +00:00
test Merged revisions 87873 via svnmerge from 2011-01-09 03:02:04 +00:00
__init__.py #9085: email versions have gotten out of sync, 2.7 is actually 4.0.3. 2010-06-26 18:39:50 +00:00
_parseaddr.py Merged revisions 85179 via svnmerge from 2010-10-02 16:26:05 +00:00
base64mime.py #2622 Import errors in email.message, from a py2app standalone application. 2009-07-11 14:33:51 +00:00
charset.py #1379416: encode charset name to ascii to avoid unicode promotion of output 2010-12-27 19:17:17 +00:00
encoders.py Issue #7472: remove unused code from email.encoders.encode_7or8bit. 2010-05-05 17:31:03 +00:00
errors.py Merge email package 4.0 from the sandbox, including documentation, test cases, 2006-03-18 15:41:53 +00:00
feedparser.py Merged revisions 82922 via svnmerge from 2010-07-17 01:35:16 +00:00
generator.py Merged revisions 87415 via svnmerge from 2010-12-21 18:12:50 +00:00
header.py Merged revisions 87873 via svnmerge from 2011-01-09 03:02:04 +00:00
iterators.py Merge email package 4.0 from the sandbox, including documentation, test cases, 2006-03-18 15:41:53 +00:00
message.py #1078919: document requirement to use triples for non-ascii add_header parms. 2010-12-14 00:29:27 +00:00
parser.py Merge email package 4.0 from the sandbox, including documentation, test cases, 2006-03-18 15:41:53 +00:00
quoprimime.py Merged revisions 85142 via svnmerge from 2010-10-01 15:48:49 +00:00
utils.py Issue #7143: get_payload used to strip any trailing newline from a 2010-03-08 02:04:06 +00:00