Skip to content

[3.11] gh-80222: Fix email address header folding with long quoted-string (GH-122753) #129009

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 19, 2025
Merged

[3.11] gh-80222: Fix email address header folding with long quoted-string (GH-122753) #129009

merged 2 commits into from
Feb 19, 2025

Conversation

miss-islington
Copy link
Contributor

@miss-islington miss-islington commented Jan 19, 2025
edited by bedevere-app bot
Loading

Email generators using email.policy.default could incorrectly omit the
quote ('"') characters from a quoted-string during header refolding,
leading to invalid address headers and enabling header spoofing. This
change restores the quote characters on a bare-quoted-string as the
header is refolded, and escapes backslash and quote chars in the string.
(cherry picked from commit 5aaf416)

Co-authored-by: Mike Edmunds medmunds@gmail.com

@medmunds @miss-islington
pythongh-80222: Fix email address header folding with long quoted-str…
fb09ca7 
…ing (pythonGH-122753)

Email generators using email.policy.default could incorrectly omit the
quote ('"') characters from a quoted-string during header refolding,
leading to invalid address headers and enabling header spoofing. This
change restores the quote characters on a bare-quoted-string as the
header is refolded, and escapes backslash and quote chars in the string.
(cherry picked from commit 5aaf416)

Co-authored-by: Mike Edmunds <medmunds@gmail.com>
@miss-islington miss-islington requested a review from a team as a code owner January 19, 2025 00:51
@bedevere-app bedevere-app bot mentioned this pull request Jan 19, 2025
Closed
@bedevere-app bedevere-app bot added topic-email type-security A security issue labels Jan 19, 2025
@bedevere-app bedevere-app bot mentioned this pull request Jan 19, 2025
Merged
@terryjreedy
Copy link
Member

@hugovk Unlike the 3.10 backport, this is ready.

@ambv ambv merged commit 7cff053 into python:3.11 Feb 19, 2025
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
topic-email type-security A security issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@miss-islington @terryjreedy @ambv @medmunds @encukou
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy