I notice a problem with Django's header injection prevention code.
It only checks whether there's a newline (\r or \n) in the header. I guess
it should be improved, since when we want to send a UTF-8 header, it
reaches its limitation:

From the comment on the email.Header.Header.encode() method in Python's
email package:

"       .... there is a
        75-character length limit on any given encoded header field, so
        line-wrapping must be performed, even with double-byte
        character sets."

So, if you want to UTF-8 encode your mail header and your subject
gets long enough, Python's Header.encode() method WILL line-wrap your
subject, and when you try to pass your line-wrapped subject to Django's
send_mail, your subject cannot pass Django's header injection check
and BadHeaderError is thrown.

Here is my simple demo of the Header.encode() method's line-wrapping
behavior:

>>> from email.Header import Header
>>> subject_string = "helloooooo, I'm preeeeeetty looooooooooooooooooooooooooooog"
>>> len(subject_string)
59
>>> subject = Header(subject_string, 'utf-8')
>>> subject.encode()
'=?utf-8?q?helloooooo=2C_I=27m_preeeeeetty_looooooooooooooooooooooooooooog?='
>>> len(subject.encode())
75
>>> subject_string = "helloooooo, I'm preeeeeetty loooooooooooooooooooooooooooooog"
>>> len(subject_string)
60
>>> subject = Header(subject_string, 'utf-8')
>>> subject.encode()
'=?utf-8?q?helloooooo=2C_I=27m_preeeeeetty_loooooooooooooooooooooooooooooo?=\n =?utf-8?q?g?='
>>> len(subject.encode())
90

See, there is a '\n' in the last "subject".

- Eric
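
Added example (not part of the original post and not Django's own code): one way to keep the newline check while still sending long UTF-8 subjects is to validate the raw value first and encode afterwards, so the folding newline that Header.encode() inserts is never mistaken for caller input. It uses Python 3's email.header module; the function names and sample values are constructed for illustration.

```python
from email.header import Header, decode_header, make_header


class BadHeaderError(ValueError):
    """Raised when a caller-supplied header value contains CR or LF."""


def naive_check(value):
    """The check described in the post: any CR or LF counts as injection."""
    return "\r" in value or "\n" in value


def safe_encoded_subject(raw_subject, charset="utf-8"):
    """Validate the raw value first, then encode it.

    Folding newlines added by Header.encode() appear only after validation,
    so they cannot be confused with line breaks supplied by the caller.
    """
    if naive_check(raw_subject):
        raise BadHeaderError("header values can't contain newlines")
    return Header(raw_subject, charset).encode()


def only_folding_newlines(value):
    """True if every line break is followed by a space or tab, i.e. it is a
    folded continuation line and not the start of a new header field."""
    lines = value.replace("\r\n", "\n").split("\n")
    if any("\r" in line for line in lines):
        return False
    return all(line[:1] in (" ", "\t") for line in lines[1:])


def decoded(encoded):
    """Unfold and decode an encoded header back to the original text."""
    return str(make_header(decode_header(encoded)))


# Constructed sample inputs.
LONG_SUBJECT = " ".join(["rapport d\u00e9cembre"] * 8)  # 135 characters
MULTI_LINE = "hello\nX-Extra: 1"  # raw value carrying its own line break

if __name__ == "__main__":
    enc = safe_encoded_subject(LONG_SUBJECT)
    print(repr(enc))
    print("naive check flags encoded value:", naive_check(enc))
    print("only folding newlines:", only_folding_newlines(enc))
```
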

