From 07e69cf16e80a1514f0e7e6f8110063eeb738c44 Mon Sep 17 00:00:00 2001 From: Mark Sapiro Date: Thu, 13 Jan 2011 16:53:30 -0800 Subject: - Fixed a bug that could erroneously handle posts from addresses in *_these_nonmembers and send held/rejected notices to bogus addresses when The From or other sender header is RFC 2047 encoded. Bug #702516. --- Mailman/Message.py | 12 +++++++----- NEWS | 4 ++++ 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/Mailman/Message.py b/Mailman/Message.py index 84e4aa26..3bbb9ecc 100644 --- a/Mailman/Message.py +++ b/Mailman/Message.py @@ -1,4 +1,4 @@ -# Copyright (C) 1998-2009 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2011 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -149,9 +149,11 @@ class Message(email.Message.Message): if not fieldval: continue # Work around bug in email 2.5.8 (and ?) involving getaddresses() - # from multi-line header values. Note that cset='us-ascii' is OK - # since the address itself can't be RFC 2047 encoded. - fieldval = Utils.oneline(fieldval, 'us-ascii') + # from multi-line header values. + # Don't use Utils.oneline() here because the header must not be + # decoded before parsing since the decoded header may contain + # an unquoted comma or other delimiter in a real name. + fieldval = ''.join(fieldval.splitlines()) addrs = email.Utils.getaddresses([fieldval]) try: realname, address = addrs[0] @@ -207,7 +209,7 @@ class Message(email.Message.Message): if fieldvals: # See comment above in get_sender() regarding # getaddresses() and multi-line headers - fieldvals = [Utils.oneline(fv, 'us-ascii') + fieldvals = [''.join(fv.splitlines()) for fv in fieldvals] pairs.extend(email.Utils.getaddresses(fieldvals)) authors = [] diff --git a/NEWS b/NEWS index b7527917..6d5258ba 100644 --- a/NEWS +++ b/NEWS @@ -13,6 +13,10 @@ Here is a history of user visible changes to Mailman. Bug Fixes and other patches + - Fixed a bug that could erroneously handle posts from addresses in + *_these_nonmembers and send held/rejected notices to bogus addresses when + The From or other sender header is RFC 2047 encoded. Bug #702516. + - Updated contrib/mm-handler-2.1.10 to better handle lists with names that look like admin addresses. Bug #697161. -- cgit v1.2.3