From: Stephen Finucane Date: Sun, 4 Nov 2018 14:25:03 +0000 (+0000) Subject: Don't passthrough 'Content-Type: multipart/signed' header X-Git-Tag: v2.1.2~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f1dc4febf7b03449d5d284c5ffa558401a16af0;p=thirdparty%2Fpatchwork.git Don't passthrough 'Content-Type: multipart/signed' header We don't GPG signatures, therefore this header is incorrect. Stop passing it through. Test for the other dropped header are also included. Signed-off-by: Stephen Finucane Acked-by: Veronika Kabatova Closes: #221 (cherry picked from commit 22093692a80f9c028dc424cb1e664d449d0dcc4e) --- diff --git a/patchwork/tests/test_mboxviews.py b/patchwork/tests/test_mboxviews.py index 8eb3581a..dabbb99c 100644 --- a/patchwork/tests/test_mboxviews.py +++ b/patchwork/tests/test_mboxviews.py @@ -125,6 +125,21 @@ class MboxHeaderTest(TestCase): header = 'List-Id: Patchwork development ' self._test_header_passthrough(header) + def _test_header_dropped(self, header): + patch = create_patch(headers=header + '\n') + response = self.client.get(reverse('patch-mbox', args=[patch.id])) + self.assertNotContains(response, header) + + def test_header_dropped_content_transfer_encoding(self): + """Validate dropping of 'Content-Transfer-Encoding' header.""" + header = 'Content-Transfer-Encoding: quoted-printable' + self._test_header_dropped(header) + + def test_header_dropped_content_type_multipart_signed(self): + """Validate dropping of 'Content-Type=multipart/signed' header.""" + header = 'Content-Type: multipart/signed' + self._test_header_dropped(header) + def test_patchwork_id_header(self): """Validate inclusion of generated 'X-Patchwork-Id' header.""" patch = create_patch() diff --git a/patchwork/views/utils.py b/patchwork/views/utils.py index 2357ab86..fb0195ce 100644 --- a/patchwork/views/utils.py +++ b/patchwork/views/utils.py @@ -99,8 +99,14 @@ def _submission_to_mbox(submission): orig_headers = HeaderParser().parsestr(str(submission.headers)) for key, val in orig_headers.items(): + # we set this ourselves if key == 'Content-Transfer-Encoding': continue + # we don't save GPG signatures described in RFC1847 [1] so this + # Content-Type value is invalid + # [1] https://tools.ietf.org/html/rfc1847 + if key == 'Content-Type' and val == 'multipart/signed': + continue mail[key] = val if 'Date' not in mail: