Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[3.9] gh-121650: Encode newlines in headers, and verify headers are sound (GH-122233) #122610

Merged
merged 1 commit into from
Sep 4, 2024

Conversation

ambv
Copy link
Contributor

@ambv ambv commented Aug 2, 2024

Per RFC 2047:

[...] these encoding schemes allow the
encoding of arbitrary octet values, mail readers that implement this
decoding should also ensure that display of the decoded data on the
recipient's terminal will not cause unwanted side-effects

It seems that the "quoted-word" scheme is a valid way to include a newline character in a header value, just like we already allow undecodable bytes or control characters.
They do need to be properly quoted when serialized to text, though.

This should fail for custom fold() implementations that aren't careful about newlines.

(cherry-picked from commit 0976339)

… are sound (pythonGH-122233)

Per RFC 2047:

> [...] these encoding schemes allow the
> encoding of arbitrary octet values, mail readers that implement this
> decoding should also ensure that display of the decoded data on the
> recipient's terminal will not cause unwanted side-effects

It seems that the "quoted-word" scheme is a valid way to include
a newline character in a header value, just like we already allow
undecodable bytes or control characters.
They do need to be properly quoted when serialized to text, though.

This should fail for custom fold() implementations that aren't careful
about newlines.

(cherry picked from commit 0976339)

Co-authored-by: Petr Viktorin <[email protected]>
Co-authored-by: Bas Bloemsaat <[email protected]>
Co-authored-by: Serhiy Storchaka <[email protected]>
Copy link
Member

@vstinner vstinner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM: straightforward backport and the change is properly documented as .. versionadded:: 3.9.20 with "Notable changes in 3.9.20" in What's New in Python 3.9. I compared this 3.9 change to the change in the main branch.

@vstinner
Copy link
Member

vstinner commented Sep 2, 2024

Tests / macOS (pull_request) Failing after 10m

Sadly, something is wrong with ndbm:

3 tests failed:
    test_dbm test_dbm_ndbm test_shelve

@ambv ambv merged commit f7be505 into python:3.9 Sep 4, 2024
13 of 14 checks passed
@ambv ambv deleted the backport-0976339-3.9 branch September 4, 2024 15:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants