Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Fixed #7574 -- Fixed the handling of lazy translation in email headers.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8083 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit f49c5c23f96f11a993036fa10c81b4287327d7ec 1 parent b149e3d
@malcolmt malcolmt authored
Showing with 11 additions and 3 deletions.
  1. +3 −2 django/core/mail.py
  2. +8 −1 tests/regressiontests/mail/tests.py
View
5 django/core/mail.py
@@ -71,10 +71,11 @@ class BadHeaderError(ValueError):
def forbid_multi_line_headers(name, val):
"""Forbids multi-line headers, to prevent header injection."""
+ val = force_unicode(val)
if '\n' in val or '\r' in val:
raise BadHeaderError("Header values can't contain newlines (got %r for header %r)" % (val, name))
try:
- val = force_unicode(val).encode('ascii')
+ val = val.encode('ascii')
except UnicodeEncodeError:
if name.lower() in ('to', 'from', 'cc'):
result = []
@@ -84,7 +85,7 @@ def forbid_multi_line_headers(name, val):
result.append(formataddr((nm, str(addr))))
val = ', '.join(result)
else:
- val = Header(force_unicode(val), settings.DEFAULT_CHARSET)
+ val = Header(val, settings.DEFAULT_CHARSET)
return name, val
class SafeMIMEText(MIMEText):
View
9 tests/regressiontests/mail/tests.py
@@ -3,6 +3,7 @@
# Tests for the django.core.mail.
>>> from django.core.mail import EmailMessage
+>>> from django.utils.translation import ugettext_lazy
# Test normal ascii character case:
@@ -36,6 +37,12 @@
>>> message = email.message()
Traceback (most recent call last):
...
-BadHeaderError: Header values can't contain newlines (got 'Subject\nInjection Test' for header 'Subject')
+BadHeaderError: Header values can't contain newlines (got u'Subject\nInjection Test' for header 'Subject')
+
+>>> email = EmailMessage(ugettext_lazy('Subject\nInjection Test'), 'Content', 'from@example.com', ['to@example.com'])
+>>> message = email.message()
+Traceback (most recent call last):
+ ...
+BadHeaderError: Header values can't contain newlines (got u'Subject\nInjection Test' for header 'Subject')
"""
Please sign in to comment.
Something went wrong with that request. Please try again.