Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Fixed #7574 -- Fixed the handling of lazy translation in email headers.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8083 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit f49c5c23f96f11a993036fa10c81b4287327d7ec 1 parent b149e3d
Malcolm Tredinnick authored July 26, 2008
5  django/core/mail.py
@@ -71,10 +71,11 @@ class BadHeaderError(ValueError):
71 71
 
72 72
 def forbid_multi_line_headers(name, val):
73 73
     """Forbids multi-line headers, to prevent header injection."""
  74
+    val = force_unicode(val)
74 75
     if '\n' in val or '\r' in val:
75 76
         raise BadHeaderError("Header values can't contain newlines (got %r for header %r)" % (val, name))
76 77
     try:
77  
-        val = force_unicode(val).encode('ascii')
  78
+        val = val.encode('ascii')
78 79
     except UnicodeEncodeError:
79 80
         if name.lower() in ('to', 'from', 'cc'):
80 81
             result = []
@@ -84,7 +85,7 @@ def forbid_multi_line_headers(name, val):
84 85
                 result.append(formataddr((nm, str(addr))))
85 86
             val = ', '.join(result)
86 87
         else:
87  
-            val = Header(force_unicode(val), settings.DEFAULT_CHARSET)
  88
+            val = Header(val, settings.DEFAULT_CHARSET)
88 89
     return name, val
89 90
 
90 91
 class SafeMIMEText(MIMEText):
9  tests/regressiontests/mail/tests.py
@@ -3,6 +3,7 @@
3 3
 # Tests for the django.core.mail.
4 4
 
5 5
 >>> from django.core.mail import EmailMessage
  6
+>>> from django.utils.translation import ugettext_lazy
6 7
 
7 8
 # Test normal ascii character case:
8 9
 
@@ -36,6 +37,12 @@
36 37
 >>> message = email.message()
37 38
 Traceback (most recent call last):
38 39
     ...
39  
-BadHeaderError: Header values can't contain newlines (got 'Subject\nInjection Test' for header 'Subject')
  40
+BadHeaderError: Header values can't contain newlines (got u'Subject\nInjection Test' for header 'Subject')
  41
+
  42
+>>> email = EmailMessage(ugettext_lazy('Subject\nInjection Test'), 'Content', 'from@example.com', ['to@example.com'])
  43
+>>> message = email.message()
  44
+Traceback (most recent call last):
  45
+    ...
  46
+BadHeaderError: Header values can't contain newlines (got u'Subject\nInjection Test' for header 'Subject')
40 47
 
41 48
 """

0 notes on commit f49c5c2

Please sign in to comment.
Something went wrong with that request. Please try again.