Commit f49c5c23 authored by Malcolm Tredinnick's avatar Malcolm Tredinnick

Fixed #7574 -- Fixed the handling of lazy translation in email headers.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@8083 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent b149e3d9
+3 −2
@@ -71,10 +71,11 @@ class BadHeaderError(ValueError):

def forbid_multi_line_headers(name, val):
    """Forbids multi-line headers, to prevent header injection."""
    val = force_unicode(val)
    if '\n' in val or '\r' in val:
        raise BadHeaderError("Header values can't contain newlines (got %r for header %r)" % (val, name))
    try:
        val = force_unicode(val).encode('ascii')
        val = val.encode('ascii')
    except UnicodeEncodeError:
        if name.lower() in ('to', 'from', 'cc'):
            result = []
@@ -84,7 +85,7 @@ def forbid_multi_line_headers(name, val):
                result.append(formataddr((nm, str(addr))))
            val = ', '.join(result)
        else:
            val = Header(force_unicode(val), settings.DEFAULT_CHARSET)
            val = Header(val, settings.DEFAULT_CHARSET)
    return name, val

class SafeMIMEText(MIMEText):
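Review bot: Nothing at the new `val = force_unicode(val)` line at the top of `forbid_multi_line_headers` records that it has to come before the CR/LF test, yet the header-injection guard depends on that order when the value is a lazy translation object. I would add a comment above it, for example `# Coerce first: the newline check below must see the evaluated text, not a lazy proxy.`, so that a later cleanup does not move the coercion back into the `try` block. The docstring could also state that the function returns the coerced value (ASCII-encoded, or a `Header` / formatted address list for non-ASCII input), since callers now always get a converted value back. The middle of the to/from/cc branch lies between the two hunks and is not visible here, so this note does not cover it.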
+8 −1
@@ -3,6 +3,7 @@ r"""
# Tests for the django.core.mail.

>>> from django.core.mail import EmailMessage
>>> from django.utils.translation import ugettext_lazy

# Test normal ascii character case:

@@ -36,6 +37,12 @@ r"""
>>> message = email.message()
Traceback (most recent call last):
    ...
BadHeaderError: Header values can't contain newlines (got 'Subject\nInjection Test' for header 'Subject')
BadHeaderError: Header values can't contain newlines (got u'Subject\nInjection Test' for header 'Subject')

>>> email = EmailMessage(ugettext_lazy('Subject\nInjection Test'), 'Content', 'from@example.com', ['to@example.com'])
>>> message = email.message()
Traceback (most recent call last):
    ...
BadHeaderError: Header values can't contain newlines (got u'Subject\nInjection Test' for header 'Subject')

"""
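Review bot: The added doctest covers only the newline-rejection path with a lazy subject, so the other line this commit changes, `val = Header(val, settings.DEFAULT_CHARSET)`, is not exercised with a lazy value. I would add a case that builds an `EmailMessage` whose subject is a `ugettext_lazy` string containing a non-ASCII character and checks the resulting encoded `Subject` header. A second injection case using `'\r'` instead of `'\n'` in the lazy subject would pin both halves of the `'\n' in val or '\r' in val` condition. The expected output on the existing test changed to `u'Subject\nInjection Test'`, which suggests that plain byte-string subjects are now reported as unicode in the error message; a short comment in the test saying this is intended would help.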