]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 558e27a) | patch
[3.9] gh-80222: Fix email address header folding with long quoted-string (GH-122753...
authorBrian Schubert <brianm.schubert@gmail.com>
Mon, 2 Jun 2025 15:57:06 +0000 (11:57 -0400)
committerGitHub <noreply@github.com>
Mon, 2 Jun 2025 15:57:06 +0000 (17:57 +0200)
commitd4df3c55e4c5513947f907f24766b34d2ae8c090
tree0bc39c7528f843fd2220f292e1a26a47f726250etree | snapshot
parent558e27abf1f1e0f87262238bc1d9e84cca7743c6commit | diff
[3.9] gh-80222: Fix email address header folding with long quoted-string (GH-122753) (GH-129111) (GH-132371)

Email generators using email.policy.default could incorrectly omit the
quote ('"') characters from a quoted-string during header refolding,
leading to invalid address headers and enabling header spoofing. This
change restores the quote characters on a bare-quoted-string as the
header is refolded, and escapes backslash and quote chars in the string.

(cherry picked from commit 5aaf4168583)
(cherry picked from commit a4ef689ce670684ec132204b1cd03720c8e0a03d)

Co-authored-by: R. David Murray <rdmurray@bitdance.com>
Co-authored-by: Mike Edmunds <medmunds@gmail.com>
Co-authored-by: Ɓukasz Langa <lukasz@langa.pl>
Lib/email/_header_value_parser.py diff | blob | blame | history
Lib/test/test_email/test__header_value_parser.py diff | blob | blame | history
Misc/NEWS.d/next/Security/2024-08-06-11-43-08.gh-issue-80222.wfR4BU.rst [new file with mode: 0644] blob
Mirror of https://github.com/python/cpython.git