Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sanitize function in ContentTypeField breaks encoding by using downcase! #1398

Open
RemcodM opened this issue Jun 24, 2020 · 0 comments · May be fixed by #1399
Open

sanitize function in ContentTypeField breaks encoding by using downcase! #1398

RemcodM opened this issue Jun 24, 2020 · 0 comments · May be fixed by #1399

Comments

@RemcodM
Copy link

RemcodM commented Jun 24, 2020

I have an e-mail with PDF attachment, with the following Content-Type header:

Content-Type: application/pdf; name==?utf-8?B?RXhhbXBsZS5wZGY=?=

% echo "RXhhbXBsZS5wZGY=" | base64 -d
Example.pdf%

This header cannot be parsed using the Mail::ContentTypeElement because the encoded attachment name is not quoted. Inside Mail::ContentTypeField, there is a sanitize method which tries to work around these broken e-mails by performing actions, such as adding these quotes. However, this function also calls downcase! on the value:

mail/lib/mail/fields/content_type_field.rb

Lines 126 to 130 in 8fbb17d

if val =~ /(boundary=(\S*))/i
val = "#{$`.downcase}boundary=#{$2}#{$'.downcase}"
else
val.downcase!
end

This results in the final header being:

Content-Type: application/pdf; name==?utf-8?b?rxhhbxbszs5wzgy=?=

Now the encoding is broken:

% echo "rxhhbxbszs5wzgy=" | base64 -d
?ao???p?
        %

Without the downcase!, the sanitize function would have fixed the problem just fine. With sanitize however, the encoding is broken.
RemcodM added a commit to RemcodM/mail that referenced this issue Jun 24, 2020
@RemcodM
Remove downcase! method from sanitize function in ContentTypeField
4da49e7 
Fixes mikel#1398

This change removes the sequence of code that downcases the Content-Type header value.
If I should believe the specs, it should serve no purpose. Only 2 specs break because
of the charset being returned in capital letters instead of downcased as before.

This fixes the problem is which encoding is broken by downcasing, such as the example
with base64 provided in mikel#1398
@RemcodM RemcodM linked a pull request Jun 24, 2020 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove downcase! method from sanitize function in ContentTypeField RemcodM/mail
1 participant
@RemcodM