STINNER Victor <[email protected]> added the comment:
Python 2.7 doesn't have email.policy module.
For Python 2.7, I wrote this code:
---
import email.header
import email.message
msg = email.message.Message()
msg.set_charset("UTF-8")
msg['Subject'] = email.header.Header(u'\u0105' * 12, maxlinelen=20,
charset="UTF-8")
print(msg.as_string())
---
I get this output:
---
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Subject: =?utf-8?b?xIU=?=
=?utf-8?b?xIU=?=
=?utf-8?b?xIU=?=
=?utf-8?b?xIU=?=
=?utf-8?b?xIU=?=
=?utf-8?b?xIU=?=
=?utf-8?b?xIU=?=
=?utf-8?b?xIU=?=
=?utf-8?b?xIU=?=
=?utf-8?b?xIU=?=
=?utf-8?b?xIU=?=
=?utf-8?b?xIU=?=
---
I have no idea if this example says that Python 2.7 is vulnerable or not. I get
a different output on the master branch:
---
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Subject: =?utf-8?b?xIXEhcSFxIXEhcSFxIXEhcSFxIXEhcSF?=
---
But I don't know if I use the email API properly. "Subject:
=?utf-8?b?xIXEhcSFxIXEhcSFxIXEhcSFxIXEhcSF?=" is longer than 20 characters.
----------
_______________________________________
Python tracker <[email protected]>
<https://bugs.python.org/issue33529>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
