diff options
author | Stephen Finucane <stephen@that.guru> | 2018-11-04 14:25:03 +0000 |
---|---|---|
committer | Stephen Finucane <stephen@that.guru> | 2018-11-12 13:57:08 +0000 |
commit | 22093692a80f9c028dc424cb1e664d449d0dcc4e (patch) | |
tree | 0098f61e956e7c72e501f92bf4a97ef442d9c99e | |
parent | 9b26f5843bd60e2c6e1b731519b2709db4fd28a3 (diff) | |
download | patchwork-22093692a80f9c028dc424cb1e664d449d0dcc4e.tar patchwork-22093692a80f9c028dc424cb1e664d449d0dcc4e.tar.gz |
Don't passthrough 'Content-Type: multipart/signed' header
We don't GPG signatures, therefore this header is incorrect. Stop
passing it through.
Test for the other dropped header are also included.
Signed-off-by: Stephen Finucane <stephen@that.guru>
Acked-by: Veronika Kabatova <vkabatov@redhat.com>
Closes: #221
-rw-r--r-- | patchwork/tests/test_mboxviews.py | 15 | ||||
-rw-r--r-- | patchwork/views/utils.py | 6 |
2 files changed, 21 insertions, 0 deletions
diff --git a/patchwork/tests/test_mboxviews.py b/patchwork/tests/test_mboxviews.py index 50444d6..87c75ec 100644 --- a/patchwork/tests/test_mboxviews.py +++ b/patchwork/tests/test_mboxviews.py @@ -111,6 +111,21 @@ class MboxHeaderTest(TestCase): header = 'List-Id: Patchwork development <patchwork.lists.ozlabs.org>' self._test_header_passthrough(header) + def _test_header_dropped(self, header): + patch = create_patch(headers=header + '\n') + response = self.client.get(reverse('patch-mbox', args=[patch.id])) + self.assertNotContains(response, header) + + def test_header_dropped_content_transfer_encoding(self): + """Validate dropping of 'Content-Transfer-Encoding' header.""" + header = 'Content-Transfer-Encoding: quoted-printable' + self._test_header_dropped(header) + + def test_header_dropped_content_type_multipart_signed(self): + """Validate dropping of 'Content-Type=multipart/signed' header.""" + header = 'Content-Type: multipart/signed' + self._test_header_dropped(header) + def test_patchwork_id_header(self): """Validate inclusion of generated 'X-Patchwork-Id' header.""" patch = create_patch() diff --git a/patchwork/views/utils.py b/patchwork/views/utils.py index 3c5d298..1da1aaa 100644 --- a/patchwork/views/utils.py +++ b/patchwork/views/utils.py @@ -84,8 +84,14 @@ def _submission_to_mbox(submission): orig_headers = HeaderParser().parsestr(str(submission.headers)) for key, val in orig_headers.items(): + # we set this ourselves if key == 'Content-Transfer-Encoding': continue + # we don't save GPG signatures described in RFC1847 [1] so this + # Content-Type value is invalid + # [1] https://tools.ietf.org/html/rfc1847 + if key == 'Content-Type' and val == 'multipart/signed': + continue mail[key] = val if 'Date' not in mail: |