R. David Murray 389af00371 Merged revisions 87873 via svnmerge from ... svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r87873 | r.david.murray | 2011-01-08 21:35:24 -0500 (Sat, 08 Jan 2011) | 12 lines #5871: protect against header injection attacks. This makes Header.encode throw a HeaderParseError if it winds up formatting a header such that a continuation line has no leading whitespace and looks like a header. Since Header accepts values containing newlines and preserves them (and this is by design), without this fix any program that took user input (say, a subject in a web form) and passed it to the email package as a header was vulnerable to header injection attacks. (As far as we know this has never been exploited.) Thanks to Jakub Wilk for reporting this vulnerability. ........		2011-01-09 02:48:04 +00:00
..
mime	Merged revisions 73623-73624 via svnmerge from	2009-06-28 17:35:48 +00:00
test	Merged revisions 87873 via svnmerge from	2011-01-09 02:48:04 +00:00
__init__.py	…
_parseaddr.py	Merged revisions 85179 via svnmerge from	2010-10-02 16:04:44 +00:00
base64mime.py	Remove nonexisting stuff from __all__.	2009-06-04 09:37:16 +00:00
charset.py	Merged revisions 81660 via svnmerge from	2010-06-03 02:05:47 +00:00
encoders.py	Merged revisions 81685 via svnmerge from	2010-06-04 16:15:34 +00:00
errors.py	…
feedparser.py	Merged revisions 82922 via svnmerge from	2010-07-17 01:28:04 +00:00
generator.py	Merged revisions 87415 via svnmerge from	2010-12-21 18:11:01 +00:00
header.py	Merged revisions 87873 via svnmerge from	2011-01-09 02:48:04 +00:00
iterators.py	…
message.py	Merged revisions 87217 via svnmerge from	2010-12-13 23:57:01 +00:00
parser.py	Patch for issue 2848, mostly by Humberto Diogenes, with a couple of	2008-06-12 04:06:45 +00:00
quoprimime.py	Merged revisions 85142 via svnmerge from	2010-10-01 15:45:48 +00:00
utils.py	Merged revisions 77389 via svnmerge from	2010-01-09 18:48:46 +00:00