mirror of
https://github.com/python/cpython.git
synced 2024-12-03 23:06:43 +08:00
389af00371
svn+ssh://pythondev@svn.python.org/python/branches/py3k ........ r87873 | r.david.murray | 2011-01-08 21:35:24 -0500 (Sat, 08 Jan 2011) | 12 lines #5871: protect against header injection attacks. This makes Header.encode throw a HeaderParseError if it winds up formatting a header such that a continuation line has no leading whitespace and looks like a header. Since Header accepts values containing newlines and preserves them (and this is by design), without this fix any program that took user input (say, a subject in a web form) and passed it to the email package as a header was vulnerable to header injection attacks. (As far as we know this has never been exploited.) Thanks to Jakub Wilk for reporting this vulnerability. ........ |
||
---|---|---|
.. | ||
mime | ||
test | ||
__init__.py | ||
_parseaddr.py | ||
base64mime.py | ||
charset.py | ||
encoders.py | ||
errors.py | ||
feedparser.py | ||
generator.py | ||
header.py | ||
iterators.py | ||
message.py | ||
parser.py | ||
quoprimime.py | ||
utils.py |