Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent custom_header with accents #1840

Closed
ldidry opened this issue May 16, 2024 · 1 comment · Fixed by #1844
Closed

Prevent custom_header with accents #1840

ldidry opened this issue May 16, 2024 · 1 comment · Fixed by #1844
Labels
bug

Comments

@ldidry
Copy link
Contributor

ldidry commented May 16, 2024

Expected Behavior

People shouldn’t be able to set a custom_header with an accent, which makes Sympa crash.

Current Behavior

People can set a custom_header with an accent, which makes Sympa crash.

Possible Solution

We could set a pattern attribute to the input field, like ^[a-zA-Z0-9]*$, or set a similar validation in the backend.

Context

A user has set X-Expéditeur as custom_header, which made sympa_msg crash, preventing to keep processing other mails.

Crash log:

2024-05-14T15:59:11.054874+02:00 rod3 sympa_msg[2057866]: err main::#242 > Sympa::Spindle::spin#95 > Sympa::Spindle::TransformOutgoing::_twist#105 > Sympa::Message::add_header#399 > Mail::Header::add#472 > Mail::Header::_fmt_line#163 > Carp::croak#289 DIED: Bad RFC822 field name 'X-Expéditeur'  at /home/sympa/bin/Sympa/Message.pm line 399.
@ikedas
Copy link
Member

ikedas commented May 16, 2024

RFC 5322 says (in section 2.2 "Header fields"):

A field name MUST be composed of printable US-ASCII characters (i.e.,
characters that have values between 33 and 126, inclusive), except
colon.

Thus, I suppose, it should not contain accented characters.

@ikedas ikedas added bug and removed enhancement labels May 18, 2024
ikedas added a commit to ikedas/sympa that referenced this issue May 26, 2024
@ikedas
Prevent custom_header with non-ASCII characters (sympa-community#1840)
55598ae
@ikedas ikedas mentioned this issue May 26, 2024
Merged
ikedas added a commit that referenced this issue Sep 17, 2024
@ikedas
Merge pull request #1844 from ikedas/issue-1840 by ikedas
ef67c0f 
Prevent custom_header with non-ASCII characters (#1840)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Prevent custom_header with non-ASCII characters (#1840) ikedas/sympa
2 participants
@ldidry @ikedas