-
R. David Murray yazdı
This makes Header.encode throw a HeaderParseError if it winds up formatting a header such that a continuation line has no leading whitespace and looks like a header. Since Header accepts values containing newlines and preserves them (and this is by design), without this fix any program that took user input (say, a subject in a web form) and passed it to the email package as a header was vulnerable to header injection attacks. (As far as we know this has never been exploited.) Thanks to Jakub Wilk for reporting this vulnerability.
5b2d9ddf
| Adı |
Son kayıt (commit)
|
Son güncelleme |
|---|---|---|
| .. | ||
| mime | ||
| test | ||
| __init__.py | ||
| _parseaddr.py | ||
| base64mime.py | ||
| charset.py | ||
| encoders.py | ||
| errors.py | ||
| feedparser.py | ||
| generator.py | ||
| header.py | ||
| iterators.py | ||
| message.py | ||
| parser.py | ||
| quoprimime.py | ||
| utils.py |