• R. David Murray's avatar
    Merged revisions 87873 via svnmerge from · d97f5ce3
    R. David Murray yazdı
    svn+ssh://pythondev@svn.python.org/python/branches/py3k
    
    ........
      r87873 | r.david.murray | 2011-01-08 21:35:24 -0500 (Sat, 08 Jan 2011) | 12 lines
    
      #5871: protect against header injection attacks.
    
      This makes Header.encode throw a HeaderParseError if it winds up
      formatting a header such that a continuation line has no leading
      whitespace and looks like a header.  Since Header accepts values
      containing newlines and preserves them (and this is by design), without
      this fix any program that took user input (say, a subject in a web form)
      and passed it to the email package as a header was vulnerable to header
      injection attacks.  (As far as we know this has never been exploited.)
    
      Thanks to Jakub Wilk for reporting this vulnerability.
    ........
    d97f5ce3
Adı
Son kayıt (commit)
Son güncelleme
Demo Loading commit data...
Doc Loading commit data...
Grammar Loading commit data...
Include Loading commit data...
Lib Loading commit data...
Mac Loading commit data...
Misc Loading commit data...
Modules Loading commit data...
Objects Loading commit data...
PC Loading commit data...
PCbuild Loading commit data...
Parser Loading commit data...
Python Loading commit data...
RISCOS Loading commit data...
Tools Loading commit data...
.bzrignore Loading commit data...
.hgeol Loading commit data...
.hgignore Loading commit data...
.hgtags Loading commit data...
LICENSE Loading commit data...
Makefile.pre.in Loading commit data...
README Loading commit data...
configure Loading commit data...
configure.in Loading commit data...
install-sh Loading commit data...
pyconfig.h.in Loading commit data...
setup.py Loading commit data...