cpython/Lib/email
R. David Murray 5b2d9ddf69 #5871: protect against header injection attacks.
This makes Header.encode throw a HeaderParseError if it winds up
formatting a header such that a continuation line has no leading
whitespace and looks like a header.  Since Header accepts values
containing newlines and preserves them (and this is by design), without
this fix any program that took user input (say, a subject in a web form)
and passed it to the email package as a header was vulnerable to header
injection attacks.  (As far as we know this has never been exploited.)

Thanks to Jakub Wilk for reporting this vulnerability.
2011-01-09 02:35:24 +00:00
mime
test #5871: protect against header injection attacks. 2011-01-09 02:35:24 +00:00
__init__.py #4661: add bytes parsing and generation to email (email version bump to 5.1.0) 2010-10-08 15:55:28 +00:00
_parseaddr.py #1155362: allow hh:mm:ss-uuuu like we allow hh:mm:ss+uuuu in parsedate_tz 2010-12-23 20:35:46 +00:00
base64mime.py
charset.py #10686: recode non-ASCII headers to 'unknown-8bit' instead of ?s. 2011-01-07 23:25:30 +00:00
encoders.py
errors.py
feedparser.py #4661: add bytes parsing and generation to email (email version bump to 5.1.0) 2010-10-08 15:55:28 +00:00
generator.py Fix the change made for issue 1243654. 2010-12-21 18:07:59 +00:00
header.py #5871: protect against header injection attacks. 2011-01-09 02:35:24 +00:00
iterators.py
message.py #10686: recode non-ASCII headers to 'unknown-8bit' instead of ?s. 2011-01-07 23:25:30 +00:00
parser.py Properly close a temporary TextIOWrapper in 'email'. 2010-10-29 23:08:13 +00:00
quoprimime.py
utils.py #8989: add 'domain' keyword to make_msgid. 2010-12-02 21:47:19 +00:00