Ticket 18967: Fix non-standard message/rfc822 base64 encoding issue (django master) #1222

Closed
wants to merge 24 commits into from
tax and others added some commits
@tax tax Link to active fork for ODBC backend
It took me quite some time to find if and where the ODBC backend was maintained.
I found (on djangoproject.com):
http://code.google.com/p/django-pyodbc/ (last commit about 3 years ago)
then:
https://github.com/avidal/django-pyodbc avidal fork.
then:
https://github.com/aurorasoftware/django-pyodbc/ aurorasoftware version which has avidal improvements merged.

Avidals version now links to https://github.com/aurorasoftware/django-pyodbc/ which is also the version installed through PIP.
fb1d813
@brosner brosner Updated my bio f3ba649
@ptone ptone Merge pull request #1209 from tax/master
Updated link to active project for ODBC backend
c4fb832
@timgraham timgraham Merge pull request #1210 from alasdairnicol/jquery_cookie_plugin_link
Updated link to jQuery Cookie plugin site
92c9052
@timgraham timgraham Fixed #20492 - Removed a broken link in GIS docs. fbab320
@claudep claudep Fixed a regression in router initialization
Regression was introduced in 6a6bb16. Thanks Bas Peschier for the
report.
7e95d7a
@andrewgodwin andrewgodwin Rotate CSRF token on login 1514f17
@ziima ziima Fixed #14825 -- LocaleMiddleware keeps language
 * LocaleMiddleware stores language into session if it is not present there.
6de81d6
@claudep claudep Fixed #20099 -- Eased subclassing of BrokenLinkEmailsMiddleware
Thanks Ram Rachum for the report and the initial patch, and Simon
Charette for the review.
f940e56
@claudep claudep Removed obsolete attribute of DjangoTranslation c0439b6
@frog32 frog32 Fixed #20455 -- Do not use ngettext for undefined plurals
Using two separate translation strings instead of gettext plural when
there is no reference to the number in the translated string. This
prevents some translations like Russian and Latvian to use the singular
form for 11 or 21.
b3bccce
@claudep claudep Updated translation catalogs
Updated core/admin/admindocs/comments translation catalogs.
ab61dd2
@claudep claudep Fixed some minor translation-related issues b7cf44d
@claudep claudep Fixed #11725 -- Made possible to create widget label tag without "for"
Thanks Denis Martinez for the report and initial patch, and
Sergey Kolosov for bringing the patch up to date.
be0bab1
@bmispelon bmispelon Fixed #20296 -- Allowed SafeData and EscapeData to be lazy 2ee447f
@andrewjesaitis andrewjesaitis Fixed #19938 -- Consumed iterator only once in paginator's Page
Thanks Joshua Fialkoff for the report.
31f6421
@shaib shaib Fix get_or_create test failure under Oracle
Test expected that when given invalid utf-8, the backend should raise
a DatabaseError, but the Oracle backend raises a UnicodeDecodeError.
cf159e5
@shaib shaib Fixed get_or_create...test_savepoint_rollback test for Python3
The test was always skipped on Python3 because string literals are unicode
36d47f7
@ptone ptone Fixed #19866 -- Added security logger and return 400 for SuspiciousOp…
…eration.

SuspiciousOperations have been differentiated into subclasses, and
are now logged to a 'django.security.*' logger. SuspiciousOperations
that reach django.core.handlers.base.BaseHandler will now return a 400
instead of a 500.

Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
for review.
d228c11
@ramiro ramiro Replaced `and...or...` constructs with PEP 308 conditional expressions. 0fa8d43
@micolous micolous Fix for issue #18967: message/rfc822 attachments should not be base64…
… encoded
5003046
@micolous micolous Issue #18967: Added regression/feature tests for encoding exceptions,…
… made the rules only apply on message/rfc822 mime-types and not all message/* mimetypes.
4d05b79
@micolous micolous Issue #18967: Documentation of new attachment behaviour for attaching…
… emails to emails
1b15f3f
@charettes

for=id_for_label would have worked here.

Collaborator

He, he, try and you'll see :-)

django/core/mail/message.py
@@ -119,6 +121,30 @@ def sanitize_address(addr, encoding):
return formataddr((nm, addr))
+class SafeMIMEMessage(MIMEMessage):
+
+ def __init__(self, text, subtype):
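Review bot: the first parameter of `__init__(self, text, subtype)` is named `text`, but the base class `MIMEMessage` wraps a message object and rejects anything that is not one, so the name suggests a string where a string will not work. Rename it to match what the base class expects, or drop the override if it only forwards its arguments.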
@timgraham Owner

this method doesn't appear to be necessary

django/core/mail/message.py
((8 lines not shown))
+
+ def __setitem__(self, name, val):
+ # message/rfc822 attachments must be ASCII
+ name, val = forbid_multi_line_headers(name, val, 'ascii')
+ MIMEMessage.__setitem__(self, name, val)
+
+ def as_string(self, unixfrom=False):
+ """Return the entire formatted message as a string.
+ Optional `unixfrom' when True, means include the Unix From_ envelope
+ header.
+
+ This overrides the default as_string() implementation to not mangle
+ lines that begin with 'From '. See bug #13433 for details.
+ """
+ fp = six.StringIO()
+ g = Generator(fp, mangle_from_ = False)
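Review bot: the comment above the `forbid_multi_line_headers(name, val, 'ascii')` call in `__setitem__` only mentions the ASCII requirement, while the same call is also what rejects header values containing CR or LF for this class. Say both in the comment, so that a later cleanup does not replace the call with a plain ASCII check and lose the header-injection guard.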
@timgraham Owner

no spaces around = (mangle_from_ = False)

docs/topics/email.txt
@@ -309,6 +309,19 @@ The class has the following methods:
For example::
message.attach('design.png', img_data, 'image/png')
+
+ .. versionchanged:: dev
@timgraham Owner

dev -> 1.6

docs/topics/email.txt
@@ -309,6 +309,19 @@ The class has the following methods:
For example::
message.attach('design.png', img_data, 'image/png')
+
+ .. versionchanged:: dev
+
+ If you specify a ``mimetype`` of ``message/rfc822``, it will also accept
+ :py:class:`django.core.mail.EmailMessage` and
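Review bot: in the paragraph added under `.. versionchanged::`, "it will also accept" has no clear subject, because the preceding lines are a code example rather than a sentence about an argument. Name what accepts the new types, that is, the attachment content passed to `attach()`, so the note still reads correctly when a reader lands on it directly.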
@timgraham Owner

no :py: prefix for Django classes

@ramiro ramiro commented on the diff
django/core/mail/message.py
((7 lines not shown))
"""
basetype, subtype = mimetype.split('/', 1)
if basetype == 'text':
encoding = self.encoding or settings.DEFAULT_CHARSET
attachment = SafeMIMEText(content, subtype, encoding)
+ elif basetype == 'message' and subtype == 'rfc822':
+ # Bug #18967: per RFC2046 s5.2.1, message/rfc822 attachments
+ # must not be base64 encoded.
+ if not isinstance(content, Message):
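Review bot: the new `elif basetype == 'message' and subtype == 'rfc822':` test is case-sensitive, but MIME type names are case-insensitive, so a caller passing `Message/RFC822` skips this branch and does not get the handling the comment describes. Lower-case `mimetype` before `mimetype.split('/', 1)`, or compare lower-cased values, and add a test for the mixed-case spelling.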
@ramiro Collaborator
ramiro added a note

Giving a last review before committing. Thanks Michael for your efforts and your patience.

Don't you think this block would be more readable in this form?:

# We need an email.Message object
if isinstance(content, EmailMessage):
    # convert content into an email.Message
    content = content.message()
elif not isinstance(content, Message):
    # For compatibility with existing code
    content = message_from_string(content)
@ramiro
Collaborator

Applied (with tweaks) in f9d1d5d. Thanks Michael and Tim.

@ramiro ramiro closed this
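
The rule this pull request enforces (RFC 2046 section 5.2.1: a message/rfc822 body may only be 7bit, 8bit or binary) can be checked on any serialized mail with the standard library alone. This is an added example, not code from the pull request or from Django; the sample message and the function names are constructed for illustration.

```python
# Added illustration using only the standard library; not Django's code.
from email import encoders, message_from_string
from email.mime.base import MIMEBase
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart

# Constructed sample of an e-mail being forwarded as an attachment.
INNER = (
    "From: alice@example.com\n"
    "To: bob@example.com\n"
    "Subject: original report\n"
    "\n"
    "Body of the forwarded message.\n"
)

# RFC 2046 section 5.2.1 permits only these encodings on message/rfc822.
ALLOWED_CTE = {"7bit", "8bit", "binary"}


def attach_generic(raw):
    """Generic-attachment path: opaque payload, base64 encoded (the bug)."""
    part = MIMEBase("message", "rfc822")
    part.set_payload(raw)
    encoders.encode_base64(part)
    return part


def attach_as_message(raw):
    """Compliant path: parse the text and wrap it as a nested message."""
    return MIMEMessage(message_from_string(raw))


def build(attach):
    """Serialize a multipart mail carrying INNER, built with `attach`."""
    outer = MIMEMultipart()
    outer["Subject"] = "fwd"
    outer.attach(attach(INNER))
    return outer.as_string()


def bad_rfc822_encodings(wire_text):
    """Return the transfer encodings of non-compliant message/rfc822 parts."""
    found = []
    for part in message_from_string(wire_text).walk():
        if part.get_content_type() != "message/rfc822":
            continue
        cte = part.get("Content-Transfer-Encoding", "7bit").strip().lower()
        if cte not in ALLOWED_CTE:
            found.append(cte)
    return found
```
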
Commits on May 24, 2013
  1. @tax

    Link to active fork for ODBC backend

    tax authored
    It took me quite some time to find if and where the ODBC backend was maintained.
    I found (on djangoproject.com):
    http://code.google.com/p/django-pyodbc/ (last commit about 3 years ago)
    then:
    https://github.com/avidal/django-pyodbc avidal fork.
    then:
    https://github.com/aurorasoftware/django-pyodbc/ aurorasoftware version which has avidal improvements merged.
    
    Avidals version now links to https://github.com/aurorasoftware/django-pyodbc/ which is also the version installed through PIP.
  2. @brosner

    Updated my bio

    brosner authored
  3. @ptone

    Merge pull request #1209 from tax/master

    ptone authored
    Updated link to active project for ODBC backend
  4. @timgraham

    Merge pull request #1210 from alasdairnicol/jquery_cookie_plugin_link

    timgraham authored
    Updated link to jQuery Cookie plugin site
  5. @timgraham
  6. @claudep

    Fixed a regression in router initialization

    claudep authored
    Regression was introduced in 6a6bb16. Thanks Bas Peschier for the
    report.
  7. @andrewgodwin
Commits on May 25, 2013
  1. @ziima @claudep

    Fixed #14825 -- LocaleMiddleware keeps language

    ziima authored claudep committed
     * LocaleMiddleware stores language into session if it is not present there.
  2. @claudep

    Fixed #20099 -- Eased subclassing of BrokenLinkEmailsMiddleware

    claudep authored
    Thanks Ram Rachum for the report and the initial patch, and Simon
    Charette for the review.
  3. @claudep
  4. @frog32 @claudep

    Fixed #20455 -- Do not use ngettext for undefined plurals

    frog32 authored claudep committed
    Using two separate translation strings instead of gettext plural when
    there is no reference to the number in the translated string. This
    prevents some translations like Russian and Latvian to use the singular
    form for 11 or 21.
  5. @claudep

    Updated translation catalogs

    claudep authored
    Updated core/admin/admindocs/comments translation catalogs.
  6. @claudep
  7. @claudep

    Fixed #11725 -- Made possible to create widget label tag without "for"

    claudep authored
    Thanks Denis Martinez for the report and initial patch, and
    Sergey Kolosov for bringing the patch up to date.
  8. @bmispelon @claudep
  9. @andrewjesaitis @claudep

    Fixed #19938 -- Consumed iterator only once in paginator's Page

    andrewjesaitis authored claudep committed
    Thanks Joshua Fialkoff for the report.
  10. @shaib

    Fix get_or_create test failure under Oracle

    shaib authored
    Test expected that when given invalid utf-8, the backend should raise
    a DatabaseError, but the Oracle backend raises a UnicodeDecodeError.
  11. @shaib

    Fixed get_or_create...test_savepoint_rollback test for Python3

    shaib authored
    The test was always skipped on Python3 because string literals are unicode
  12. @ptone

    Fixed #19866 -- Added security logger and return 400 for SuspiciousOp…

    ptone authored
    …eration.
    
    SuspiciousOperations have been differentiated into subclasses, and
    are now logged to a 'django.security.*' logger. SuspiciousOperations
    that reach django.core.handlers.base.BaseHandler will now return a 400
    instead of a 500.
    
    Thanks to tiwoc for the report, and Carl Meyer and Donald Stufft
    for review.
Commits on May 27, 2013
  1. @ramiro
  2. @micolous
  3. @micolous

    Issue #18967: Added regression/feature tests for encoding exceptions,…

    micolous authored
    … made the rules only apply on message/rfc822 mime-types and not all message/* mimetypes.
  4. @micolous
Commits on Jun 5, 2013
  1. @micolous