-
Thomas Sibley authored
This allows reformatting of inserted headers by canonicalizing tag case and, crucially, folding (or refolding) lines. When the header object is not explicitly marked modifiable — such as when generated via parsing a raw MIME message — Mail::Header assumes that header values you set should be inserted as-is. This means newlines are not stripped or validated as you're expected to construct proper continuations yourself. RT incorrectly assumed newlines in header values would be stripped, leaving open the possibility of header injection via various user-controlled inputs. This commit resolves CVE-2012-4730. Fixes failing tests by removing the assumptions that: 1) Case of header names is preserved 2) Header values are always on a single line
ecbdf95e