[CalendarServer-changes] [15195] CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip
source_changes at macosforge.org
source_changes at macosforge.org
Thu Oct 15 14:24:10 PDT 2015
Revision: 15195
http://trac.calendarserver.org//changeset/15195
Author: sagen at apple.com
Date: 2015-10-15 14:24:09 -0700 (Thu, 15 Oct 2015)
Log Message:
-----------
Scrub embedded mail headers
Modified Paths:
--------------
CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/outbound.py
CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/test/test_outbound.py
Modified: CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/outbound.py
===================================================================
--- CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/outbound.py 2015-10-15 21:17:21 UTC (rev 15194)
+++ CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/outbound.py 2015-10-15 21:24:09 UTC (rev 15195)
@@ -22,6 +22,7 @@
from cStringIO import StringIO
import os
+import re
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
@@ -48,6 +49,9 @@
log = Logger()
+EMBEDDED_HEADER_CHECK = re.compile(r'\n[^ \t]+:')
+
+
""" SCHEMA:
create sequence WORKITEM_SEQ;
@@ -489,6 +493,16 @@
returnValue(False)
+ def _scrubHeader(self, value):
+ """
+ Check for what would be considered "embedded headers" and, if present,
+ remove the newlines.
+ """
+ if EMBEDDED_HEADER_CHECK.search(value) is not None:
+ value = value.replace("\n", " ")
+ return value
+
+
def generateEmail(self, inviteState, calendar, orgEmail, orgCN,
attendees, fromAddress, replyToAddress, toAddress,
language='en'):
@@ -556,9 +570,9 @@
msg = MIMEMultipart()
msg["From"] = fromAddress
- msg["Subject"] = details['subject']
- msg["Reply-To"] = replyToAddress
- msg["To"] = toAddress
+ msg["Subject"] = self._scrubHeader(details['subject'])
+ msg["Reply-To"] = self._scrubHeader(replyToAddress)
+ msg["To"] = self._scrubHeader(toAddress)
msg["Date"] = rfc822date()
msgId = SMTPSender.betterMessageID()
msg["Message-ID"] = msgId
Modified: CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/test/test_outbound.py
===================================================================
--- CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/test/test_outbound.py 2015-10-15 21:17:21 UTC (rev 15194)
+++ CalendarServer/trunk/txdav/caldav/datastore/scheduling/imip/test/test_outbound.py 2015-10-15 21:24:09 UTC (rev 15195)
@@ -56,7 +56,7 @@
F-B543-B2F29A7EEB0B
ORGANIZER;CN=Th\xe9 Organizer;EMAIL=organizer at example.com:urn:uuid:C3B38B00-
4166-11DD-B22C-A07C87E02F6A
-SUMMARY:t\xe9sting outbound( )
+SUMMARY:testing outbound( )\\nEmbedded: Header
DESCRIPTION:awesome description with "<" and "&"
END:VEVENT
END:VCALENDAR
@@ -386,6 +386,7 @@
u"Th\xe9 Organizer <organizer at example.com>",
"=?utf-8?q?Th=C3=A9_Organizer_=3Corganizer=40example=2Ecom=3E?=",
"attendee at example.com",
+ "Event invitation: testing outbound( ) Embedded: Header",
),
# Update
@@ -420,6 +421,7 @@
u"Th\xe9 Organizer <organizer at example.com>",
"=?utf-8?q?Th=C3=A9_Organizer_=3Corganizer=40example=2Ecom=3E?=",
"attendee at example.com",
+ "=?utf-8?q?Event_update=3A_t=C3=A9sting_outbound=28_=29_*update*?=",
),
# Reply
@@ -451,13 +453,14 @@
"attendee at example.com",
"attendee at example.com",
"organizer at example.com",
+ "=?utf-8?q?Event_reply=3A_t=C3=A9sting_outbound=28_=29_*reply*?=",
),
)
for (
inputCalendar, UID, inputOriginator, inputRecipient, inviteState,
outputOrganizerEmail, outputOrganizerName, outputAttendeeList,
- outputFrom, encodedFrom, outputRecipient
+ outputFrom, encodedFrom, outputRecipient, outputSubject
) in data:
txn = self.store.newTransaction()
@@ -478,6 +481,7 @@
self.assertEquals(self.attendees, outputAttendeeList)
self.assertEquals(self.fromAddress, outputFrom)
self.assertEquals(self.toAddress, outputRecipient)
+ self.assertEquals(msg["Subject"], outputSubject)
if UID: # The organizer is local, and server is sending to remote
# attendee
@@ -823,7 +827,12 @@
'inner</alpha>world</test>'])
+ def test_scrubHeader(self):
+ self.assertEquals(self.sender._scrubHeader("ABC"), "ABC")
+ self.assertEquals(self.sender._scrubHeader("ABC: 123\nXYZ: 456"), "ABC: 123 XYZ: 456")
+
+
def partByType(message, contentType):
"""
Retrieve a MIME part from an L{email.message.Message} based on a content
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20151015/cb4b6052/attachment.html>
More information about the calendarserver-changes
mailing list