Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork32.4k
[3.12] gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233)#122599
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
…ound (pythonGH-122233)- Encode header parts that contain newlinesPer RFC 2047:> [...] these encoding schemes allow the> encoding of arbitrary octet values, mail readers that implement this> decoding should also ensure that display of the decoded data on the> recipient's terminal will not cause unwanted side-effectsIt seems that the "quoted-word" scheme is a valid way to includea newline character in a header value, just like we already allowundecodable bytes or control characters.They do need to be properly quoted when serialized to text, though.- Verify that email headers are well-formedThis should fail for custom fold() implementations that aren't carefulabout newlines.Co-authored-by: Bas Bloemsaat <bas@bloemsaat.org>Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>(cherry picked from commit0976339)
This was referencedAug 2, 2024
Marking this for consideration as a release blocker. |
4766d12 intopython:3.12 31 checks passed
Uh oh!
There was an error while loading.Please reload this page.
smoser added a commit to smoser/advisories that referenced this pull requestAug 8, 2024
The fix for this issue was included in upstream release of 3.12.5.python/cpython#122599
github-merge-queuebot pushed a commit to wolfi-dev/advisories that referenced this pull requestAug 8, 2024
The fix for this issue was included in upstream release of 3.12.5.python/cpython#122599
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading.Please reload this page.
Per RFC 2047:
It seems that the "quoted-word" scheme is a valid way to include
a newline character in a header value, just like we already allow
undecodable bytes or control characters.
They do need to be properly quoted when serialized to text, though.
This should fail for custom fold() implementations that aren't careful
about newlines.
Co-authored-by: Bas Bloemsaatbas@bloemsaat.org
Co-authored-by: Serhiy Storchakastorchaka@gmail.com
(cherry picked from commit0976339)
📚 Documentation preview 📚:https://cpython-previews--122599.org.readthedocs.build/