mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-05 09:28:41 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
cpython/Lib/email
History
Exact
Miss Islington (bot) 5dfb5e640e
[3.12] gh-121284: Fix email address header folding with parsed encoded-word (GH-122754) (#131404) 
gh-121284: Fix email address header folding with parsed encoded-word (GH-122754)

Email generators using email.policy.default may convert an RFC 2047
encoded-word to unencoded form during header refolding. In a structured
header, this could allow 'specials' chars outside a quoted-string,
leading to invalid address headers and enabling spoofing. This change
ensures a parsed encoded-word that contains specials is kept as an
encoded-word while the header is refolded.

[Better fix from @bitdancer.]

---------
(cherry picked from commit 295b53df2a)

Co-authored-by: Mike Edmunds <medmunds@gmail.com>
Co-authored-by: R David Murray <rdmurray@bitdance.com>
Co-authored-by: Petr Viktorin <encukou@gmail.com>
2025-03-18 15:35:32 -04:00
..
mime gh-102498 Clean up unused variables and imports in the email module (#102482) 2023-04-24 19:19:28 +00:00
__init__.py gh-102507 Remove invisible pagebreak characters (#102531) 2023-03-08 13:58:14 +00:00
_encoded_words.py bpo-43323: Fix UnicodeEncodeError in the email module (GH-32137) 2022-04-30 13:17:23 +03:00
_header_value_parser.py [3.12] gh-121284: Fix email address header folding with parsed encoded-word (GH-122754) (#131404) 2025-03-18 15:35:32 -04:00
_parseaddr.py gh-95087: Fix IndexError in parsing invalid date in the email module (GH-95201) 2022-07-25 09:17:25 +03:00
_policybase.py [3.12] gh-124452: Fix header mismatches when folding/unfolding with email message (GH-125919) (#126916) 2024-11-17 15:12:29 -05:00
architecture.rst
base64mime.py gh-102507 Remove invisible pagebreak characters (#102531) 2023-03-08 13:58:14 +00:00
charset.py gh-102498 Clean up unused variables and imports in the email module (#102482) 2023-04-24 19:19:28 +00:00
contentmanager.py bpo-46565: del loop vars that are leaking into module namespaces (GH-30993) 2022-02-03 11:20:08 +02:00
encoders.py gh-102507 Remove invisible pagebreak characters (#102531) 2023-03-08 13:58:14 +00:00
errors.py [3.12] gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233) (#122599) 2024-08-06 19:07:19 +02:00
feedparser.py [3.12] gh-106186: Don't report MultipartInvariantViolationDefect for valid multipart emails when parsing header only (GH-107016) (#107111) 2023-07-23 14:28:28 +02:00
generator.py [3.12] gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233) (#122599) 2024-08-06 19:07:19 +02:00
header.py gh-102507 Remove invisible pagebreak characters (#102531) 2023-03-08 13:58:14 +00:00
headerregistry.py bpo-26579: Add object.__getstate__(). (GH-2821) 2022-04-06 20:00:14 +03:00
iterators.py gh-102507 Remove invisible pagebreak characters (#102531) 2023-03-08 13:58:14 +00:00
message.py [3.12] gh-98188: Fix EmailMessage.get_payload to decode data when CTE value has extra text (GH-127547) (#128529) 2025-01-07 12:44:56 -05:00
parser.py gh-102507 Remove invisible pagebreak characters (#102531) 2023-03-08 13:58:14 +00:00
policy.py [3.12] gh-124452: Fix header mismatches when folding/unfolding with email message (GH-125919) (#126916) 2024-11-17 15:12:29 -05:00
quoprimime.py bpo-46565: del loop vars that are leaking into module namespaces (GH-30993) 2022-02-03 11:20:08 +02:00
utils.py [3.12] [CVE-2023-27043] gh-102988: Reject malformed addresses in email.parseaddr() (GH-111116) (#123766) 2024-09-06 12:46:16 +02:00