-
R. David Murray yazdı
This makes Header.encode throw a HeaderParseError if it winds up formatting a header such that a continuation line has no leading whitespace and looks like a header. Since Header accepts values containing newlines and preserves them (and this is by design), without this fix any program that took user input (say, a subject in a web form) and passed it to the email package as a header was vulnerable to header injection attacks. (As far as we know this has never been exploited.) Thanks to Jakub Wilk for reporting this vulnerability.
5b2d9ddf
| Adı |
Son kayıt (commit)
|
Son güncelleme |
|---|---|---|
| Doc | ||
| Grammar | ||
| Include | ||
| Lib | ||
| Mac | ||
| Misc | ||
| Modules | ||
| Objects | ||
| PC | ||
| PCbuild | ||
| Parser | ||
| Python | ||
| Tools | ||
| .bzrignore | ||
| .gitignore | ||
| .hgeol | ||
| .hgignore | ||
| .hgtags | ||
| LICENSE | ||
| Makefile.pre.in | ||
| README | ||
| configure | ||
| configure.in | ||
| install-sh | ||
| pyconfig.h.in | ||
| setup.py |