Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #5887 -- Consolidated some duplicate code in SafeMIMEText and S…

…afeMIMEMultipart. Thanks, Carl Karsten

git-svn-id: http://code.djangoproject.com/svn/django/trunk@6987 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit 1264bcf8b01086e3a39efe70632d60ff10db82b2 1 parent f633673
Adrian Holovaty adrianholovaty authored
Showing with 7 additions and 17 deletions.
  1. +7 −17 django/core/mail.py
24 django/core/mail.py
View
@@ -67,8 +67,7 @@ def make_msgid(idstring=None):
class BadHeaderError(ValueError):
pass
-class SafeMIMEText(MIMEText):
- def __setitem__(self, name, val):
+def forbid_multi_line_headers(name, val):
"Forbids multi-line headers, to prevent header injection."
if '\n' in val or '\r' in val:
raise BadHeaderError, "Header values can't contain newlines (got %r for header %r)" % (val, name)
@@ -84,25 +83,16 @@ def __setitem__(self, name, val):
val = ', '.join(result)
else:
val = Header(force_unicode(val), settings.DEFAULT_CHARSET)
+ return (name, val)
+
+class SafeMIMEText(MIMEText):
+ def __setitem__(self, name, val):
+ name, val = forbid_multi_line_headers(name, val)
MIMEText.__setitem__(self, name, val)
class SafeMIMEMultipart(MIMEMultipart):
def __setitem__(self, name, val):
- "Forbids multi-line headers, to prevent header injection."
- if '\n' in val or '\r' in val:
- raise BadHeaderError, "Header values can't contain newlines (got %r for header %r)" % (val, name)
- try:
- val = force_unicode(val).encode('ascii')
- except UnicodeEncodeError:
- if name.lower() in ('to', 'from', 'cc'):
- result = []
- for item in val.split(', '):
- nm, addr = parseaddr(item)
- nm = str(Header(nm, settings.DEFAULT_CHARSET))
- result.append(formataddr((nm, str(addr))))
- val = ', '.join(result)
- else:
- val = Header(force_unicode(val), settings.DEFAULT_CHARSET)
+ name, val = forbid_multi_line_headers(name, val)
MIMEMultipart.__setitem__(self, name, val)
class SMTPConnection(object):
Please sign in to comment.
Something went wrong with that request. Please try again.