[CalendarServer-changes] [15195] CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip

source_changes at macosforge.org source_changes at macosforge.org
Thu Oct 15 14:24:10 PDT 2015


Revision: 15195
          http://trac.calendarserver.org//changeset/15195
Author:   sagen at apple.com
Date:     2015-10-15 14:24:09 -0700 (Thu, 15 Oct 2015)
Log Message:
-----------
Scrub embedded mail headers

Modified Paths:
--------------
    CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/outbound.py
    CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/test/test_outbound.py

Modified: CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/outbound.py
===================================================================
--- CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/outbound.py	2015-10-15 21:17:21 UTC (rev 15194)
+++ CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/outbound.py	2015-10-15 21:24:09 UTC (rev 15195)
@@ -22,6 +22,7 @@
 
 from cStringIO import StringIO
 import os
+import re
 
 from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
@@ -48,6 +49,9 @@
 log = Logger()
 
 
+EMBEDDED_HEADER_CHECK = re.compile(r'\n[^ \t]+:')
+
+
 """ SCHEMA:
 create sequence WORKITEM_SEQ;
 
@@ -489,6 +493,16 @@
             returnValue(False)
 
 
+    def _scrubHeader(self, value):
+        """
+        Check for what would be considered "embedded headers" and, if present,
+        remove the newlines.
+        """
+        if EMBEDDED_HEADER_CHECK.search(value) is not None:
+            value = value.replace("\n", " ")
+        return value
+
+
     def generateEmail(self, inviteState, calendar, orgEmail, orgCN,
                       attendees, fromAddress, replyToAddress, toAddress,
                       language='en'):
@@ -556,9 +570,9 @@
 
         msg = MIMEMultipart()
         msg["From"] = fromAddress
-        msg["Subject"] = details['subject']
-        msg["Reply-To"] = replyToAddress
-        msg["To"] = toAddress
+        msg["Subject"] = self._scrubHeader(details['subject'])
+        msg["Reply-To"] = self._scrubHeader(replyToAddress)
+        msg["To"] = self._scrubHeader(toAddress)
         msg["Date"] = rfc822date()
         msgId = SMTPSender.betterMessageID()
         msg["Message-ID"] = msgId

Modified: CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/test/test_outbound.py
===================================================================
--- CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/test/test_outbound.py	2015-10-15 21:17:21 UTC (rev 15194)
+++ CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/test/test_outbound.py	2015-10-15 21:24:09 UTC (rev 15195)
@@ -56,7 +56,7 @@
  F-B543-B2F29A7EEB0B
 ORGANIZER;CN=Th\xe9 Organizer;EMAIL=organizer at example.com:urn:uuid:C3B38B00-
  4166-11DD-B22C-A07C87E02F6A
-SUMMARY:t\xe9sting outbound( )
+SUMMARY:testing outbound( )\\nEmbedded: Header
 DESCRIPTION:awesome description with "<" and "&"
 END:VEVENT
 END:VCALENDAR
@@ -386,6 +386,7 @@
                 u"Th\xe9 Organizer <organizer at example.com>",
                 "=?utf-8?q?Th=C3=A9_Organizer_=3Corganizer=40example=2Ecom=3E?=",
                 "attendee at example.com",
+                "Event invitation: testing outbound( ) Embedded: Header",
             ),
 
             # Update
@@ -420,6 +421,7 @@
                 u"Th\xe9 Organizer <organizer at example.com>",
                 "=?utf-8?q?Th=C3=A9_Organizer_=3Corganizer=40example=2Ecom=3E?=",
                 "attendee at example.com",
+                "=?utf-8?q?Event_update=3A_t=C3=A9sting_outbound=28_=29_*update*?=",
             ),
 
             # Reply
@@ -451,13 +453,14 @@
                 "attendee at example.com",
                 "attendee at example.com",
                 "organizer at example.com",
+                "=?utf-8?q?Event_reply=3A_t=C3=A9sting_outbound=28_=29_*reply*?=",
             ),
 
         )
         for (
             inputCalendar, UID, inputOriginator, inputRecipient, inviteState,
             outputOrganizerEmail, outputOrganizerName, outputAttendeeList,
-            outputFrom, encodedFrom, outputRecipient
+            outputFrom, encodedFrom, outputRecipient, outputSubject
         ) in data:
 
             txn = self.store.newTransaction()
@@ -478,6 +481,7 @@
             self.assertEquals(self.attendees, outputAttendeeList)
             self.assertEquals(self.fromAddress, outputFrom)
             self.assertEquals(self.toAddress, outputRecipient)
+            self.assertEquals(msg["Subject"], outputSubject)
 
             if UID: # The organizer is local, and server is sending to remote
                     # attendee
@@ -823,7 +827,12 @@
                            'inner</alpha>world</test>'])
 
 
+    def test_scrubHeader(self):
 
+        self.assertEquals(self.sender._scrubHeader("ABC"), "ABC")
+        self.assertEquals(self.sender._scrubHeader("ABC: 123\nXYZ: 456"), "ABC: 123 XYZ: 456")
+
+
 def partByType(message, contentType):
     """
     Retrieve a MIME part from an L{email.message.Message} based on a content
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20151015/cb4b6052/attachment.html>


More information about the calendarserver-changes mailing list