Open ldidry opened 1 month ago
RFC 5322 says (in section 2.2 "Header fields"):
A field name MUST be composed of printable US-ASCII characters (i.e., characters that have values between 33 and 126, inclusive), except colon.
Thus, I suppose, it should not contain accented characters.
Expected Behavior
People shouldn’t be able to set a custom_header with an accent, which makes Sympa crash.
Current Behavior
People can set a custom_header with an accent, which makes Sympa crash.
Possible Solution
We could set a
pattern
attribute to the input field, like^[a-zA-Z0-9]*$
, or set a similar validation in the backend.Context
A user has set
X-Expéditeur
as custom_header, which made sympa_msg crash, preventing to keep processing other mails.Crash log: