Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gh-91400: make sure email parsing dont unquote realnames with spaces #92638

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

gh-91400: make sure email parsing dont unquote realnames with spaces #92638

wants to merge 6 commits into from
+12 −2

Conversation

carlbordum
Copy link
Contributor

@carlbordum carlbordum commented May 10, 2022
edited by gpshead
Loading

"Quote the name" portion of an email address in email.utils.formataddr() when it contains any spaces.

@carlbordum carlbordum requested a review from a team as a code owner May 10, 2022 19:49
@gpshead
Restrict NEWS wording to the exact behavior change.
7aa20b8 
This way it describes the observable behavior change. Rather than the more broad wording that'd make a guarantee we don't actually test exhaustively for.
@bedevere-bot bedevere-bot mentioned this pull request Mar 17, 2023
Open
gpshead added 2 commits March 16, 2023 17:11
@gpshead
simplify the test
5723107 
running it a second time when a round tripped identical value has already been guaranteed doesn't do anything.  Though it was meaningful during the original bug report, in correct code it is not.
@gpshead
Add a comment describing the purpose of the regexes.
027aa0a
@gpshead gpshead self-assigned this Mar 17, 2023
@gpshead gpshead added type-bug An unexpected behavior, bug, or error stdlib Python modules in the Lib dir topic-email needs backport to 3.11 only security fixes needs backport to 3.10 only security fixes labels Mar 17, 2023
@gpshead
Copy link
Member

gpshead commented Mar 17, 2023

any objections from folks on email-team?

there is a caveat to this bug fix: anyone who had been working around it by doing their own test for characters and adding ""s when it wouldn't already be quoted by our existing code will now wind up with extra properly escaped " characters within their result.

that doesn't seem like a bad problem though, it is a valid address. Attempting to detect and handle that as a special case would be messy logic and lead to potentially worse outcomes of intended ""s that should be escaped not being preserved.

@arhadthedev
Copy link
Member

ping @python/email-team

@hugovk hugovk removed the needs backport to 3.10 only security fixes label Apr 8, 2023
@serhiy-storchaka serhiy-storchaka added needs backport to 3.12 bug and security fixes needs backport to 3.13 bugs and security fixes and removed needs backport to 3.11 only security fixes labels May 9, 2024
hugovk
hugovk approved these changes Mar 6, 2025
View reviewed changes
Copy link
Member

@hugovk hugovk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

any objections from folks on email-team?

~Two years later and no objections, let's merge this.

@bitdancer
Copy link
Member

Thanks for working on this, but see my analysis on the issue. The problem isn't with formataddr, which does the right thing, it's with parseaddr.

bitdancer
bitdancer requested changes Mar 6, 2025
View reviewed changes
Copy link
Member

@bitdancer bitdancer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

formataddr does the right thing. It's parseaddr that would need a fix, as well as _headervalueparser.

@bedevere-app
Copy link

bedevere-app bot commented Mar 6, 2025

A Python core developer has requested some changes be made to your pull request before we can consider merging it. If you could please address their requests along with any other requests in other reviews from core developers that would be appreciated.

Once you have made the requested changes, please leave a comment on this pull request containing the phrase I have made the requested changes; please review again. I will then notify any core developers who have left a review that you're ready for them to take another look at this pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Akuli Akuli Akuli left review comments

@bitdancer bitdancer bitdancer requested changes

@gpshead gpshead gpshead approved these changes

@hugovk hugovk hugovk approved these changes

Assignees

@gpshead gpshead

Labels
awaiting changes needs backport to 3.12 bug and security fixes needs backport to 3.13 bugs and security fixes stdlib Python modules in the Lib dir topic-email type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@carlbordum @gpshead @arhadthedev @bitdancer @hugovk @Akuli @serhiy-storchaka @bedevere-bot