Don't passthrough 'Content-Type: multipart/signed' header
authorStephen Finucane <stephen@that.guru>
Sun, 4 Nov 2018 14:25:03 +0000 (14:25 +0000)
committerStephen Finucane <stephen@that.guru>
Mon, 12 Nov 2018 13:58:08 +0000 (13:58 +0000)
We don't save GPG signatures, therefore this header is incorrect. Stop
passing it through.

Tests for the other dropped header are also included.

Signed-off-by: Stephen Finucane <stephen@that.guru>
Acked-by: Veronika Kabatova <vkabatov@redhat.com>
Closes: #221
(cherry picked from commit 22093692a80f9c028dc424cb1e664d449d0dcc4e)

patchwork/tests/test_mboxviews.py
patchwork/views/utils.py

index 8eb3581adafe732e97632d370dd91c95c04f47b2..dabbb99ca1ebb85f21e23e5581f1d7ef7f68521c 100644 (file)
@@ -125,6 +125,21 @@ class MboxHeaderTest(TestCase):
         header = 'List-Id: Patchwork development <patchwork.lists.ozlabs.org>'
         self._test_header_passthrough(header)
 
+    def _test_header_dropped(self, header):
+        patch = create_patch(headers=header + '\n')
+        response = self.client.get(reverse('patch-mbox', args=[patch.id]))
+        self.assertNotContains(response, header)
+
+    def test_header_dropped_content_transfer_encoding(self):
+        """Validate dropping of 'Content-Transfer-Encoding' header."""
+        header = 'Content-Transfer-Encoding: quoted-printable'
+        self._test_header_dropped(header)
+
+    def test_header_dropped_content_type_multipart_signed(self):
+        """Validate dropping of 'Content-Type=multipart/signed' header."""
+        header = 'Content-Type: multipart/signed'
+        self._test_header_dropped(header)
+
     def test_patchwork_id_header(self):
         """Validate inclusion of generated 'X-Patchwork-Id' header."""
         patch = create_patch()
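Review bot: The case in `test_header_dropped_content_type_multipart_signed` feeds only the bare value `Content-Type: multipart/signed`, which a real RFC 1847 message would not carry, because that content type comes with `protocol`, `micalg` and `boundary` parameters. A second case with a parameterised value, for example `header = 'Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"'` (constructed sample), would show whether the header is dropped for actual signed mail. `_test_header_dropped` is also the only new method without a docstring; a one-line `"""Assert that the given header line is absent from the generated mbox."""` would match the tests around it.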
index 2357ab86d46cc03171bc037378d2d399033f8e6d..fb0195ceb08c13f04e8896a791be9bae8a183187 100644 (file)
@@ -99,8 +99,14 @@ def _submission_to_mbox(submission):
 
     orig_headers = HeaderParser().parsestr(str(submission.headers))
     for key, val in orig_headers.items():
+        # we set this ourselves
         if key == 'Content-Transfer-Encoding':
             continue
+        # we don't save GPG signatures described in RFC1847 [1] so this
+        # Content-Type value is invalid
+        # [1] https://tools.ietf.org/html/rfc1847
+        if key == 'Content-Type' and val == 'multipart/signed':
+            continue
         mail[key] = val
 
     if 'Date' not in mail:
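Review bot: The new check `val == 'multipart/signed'` matches only a header whose entire value is that string, so a value with parameters (`multipart/signed; micalg=...; protocol=...`) or different letter case still reaches `mail[key] = val`, and the mbox keeps a content type the comment calls invalid. The name comparison `key == 'Content-Type'` is case-sensitive as well, although header field names are not. Comparing the normalised media type would cover both: `if key.lower() == 'content-type' and val.split(';', 1)[0].strip().lower() == 'multipart/signed':`. A consumer of the mbox that trusts this header would expect a signed multipart body which, per the commit message, is not stored. `_submission_to_mbox` starts before and continues after this hunk, so how `mail` gets its own Content-Type is not visible here.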