Don't passthrough 'Content-Type: multipart/signed' header
authorStephen Finucane <stephen@that.guru>
Sun, 4 Nov 2018 14:25:03 +0000 (14:25 +0000)
committerStephen Finucane <stephen@that.guru>
Mon, 12 Nov 2018 13:57:08 +0000 (13:57 +0000)
We don't save GPG signatures, therefore this header is incorrect. Stop
passing it through.

Tests for the other dropped header are also included.

Signed-off-by: Stephen Finucane <stephen@that.guru>
Acked-by: Veronika Kabatova <vkabatov@redhat.com>
Closes: #221
patchwork/tests/test_mboxviews.py
patchwork/views/utils.py

index 50444d65453f3c99950d89300fe903f0353c43e4..87c75ecad5372f69c20089c1e67bc019a689d5be 100644 (file)
@@ -111,6 +111,21 @@ class MboxHeaderTest(TestCase):
         header = 'List-Id: Patchwork development <patchwork.lists.ozlabs.org>'
         self._test_header_passthrough(header)
 
+    def _test_header_dropped(self, header):
+        patch = create_patch(headers=header + '\n')
+        response = self.client.get(reverse('patch-mbox', args=[patch.id]))
+        self.assertNotContains(response, header)
+
+    def test_header_dropped_content_transfer_encoding(self):
+        """Validate dropping of 'Content-Transfer-Encoding' header."""
+        header = 'Content-Transfer-Encoding: quoted-printable'
+        self._test_header_dropped(header)
+
+    def test_header_dropped_content_type_multipart_signed(self):
+        """Validate dropping of 'Content-Type=multipart/signed' header."""
+        header = 'Content-Type: multipart/signed'
+        self._test_header_dropped(header)
+
     def test_patchwork_id_header(self):
         """Validate inclusion of generated 'X-Patchwork-Id' header."""
         patch = create_patch()
index 3c5d2982093e150f390b702aea39cd346c5e533a..1da1aaabf50326fde4419c2ffb5946a96207c425 100644 (file)
@@ -84,8 +84,14 @@ def _submission_to_mbox(submission):
 
     orig_headers = HeaderParser().parsestr(str(submission.headers))
     for key, val in orig_headers.items():
+        # we set this ourselves
         if key == 'Content-Transfer-Encoding':
             continue
+        # we don't save GPG signatures described in RFC1847 [1] so this
+        # Content-Type value is invalid
+        # [1] https://tools.ietf.org/html/rfc1847
+        if key == 'Content-Type' and val == 'multipart/signed':
+            continue
         mail[key] = val
 
     if 'Date' not in mail:
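Review bot: The added comparison `val == 'multipart/signed'` in `_submission_to_mbox` only matches a bare value, but RFC 1847 makes the `boundary`, `protocol` and `micalg` parameters mandatory for this type, so a header from real signed mail (`multipart/signed; micalg=...; protocol=...; boundary=...`) would presumably still be copied into the mbox. The generated message would then keep claiming a signed multipart structure that its body does not have, which is what the commit sets out to stop. Header names and media types are also case-insensitive, so I would compare only the normalised media type: `if key.lower() == 'content-type' and val.split(';', 1)[0].strip().lower() == 'multipart/signed':`. The new `test_header_dropped_content_type_multipart_signed` in `patchwork/tests/test_mboxviews.py` uses only the bare value, so it passes either way; a second case with parameters would pin the intended behaviour. The body of `_submission_to_mbox` starts and ends outside this hunk, so how `submission.headers` is stored is inferred from the visible lines.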