Message201898
I'm not sure how appropriate it is to "validate" a header using the Header object. Header is for *composing* internationalized headers, and does no validation to speak of. However, if you'd like to write a patch to add this check, I would probably commit it, since it is analogous to issue 5871.
However, since the security issue was already dealt with in issue 5871, this fix would be a convenience (detecting the issue earlier). On the flip side, it would also be a behavior change, so there might be objections to backporting it. (Do any programs use Header for things other than composing email messages and actually rely on embedded newlines? I hope not, but you never know :)
Further, if you use the new policies available in 3.3 and 3.4 (currently provisional, but they are the Way of the Future ;), you don't ever need to use Header objects, and embedded newlines are rejected as soon as you try to assign a string containing them as a header value in a message object. |
|
Date |
User |
Action |
Args |
2013-11-01 13:36:17 | r.david.murray | set | recipients:
+ r.david.murray, barry, hhm, vajrasky |
2013-11-01 13:36:17 | r.david.murray | set | messageid: <1383312977.77.0.39401408042.issue19470@psf.upfronthosting.co.za> |
2013-11-01 13:36:17 | r.david.murray | link | issue19470 messages |
2013-11-01 13:36:17 | r.david.murray | create | |
|