magic-removal: Merged to [1809]

git-svn-id: http://code.djangoproject.com/svn/django/branches/magic-removal@1810 bcc190cf-cafb-0310-a4f2-bffc1f526a37

django/conf/project_template/settings.py

@@ -60,6 +60,7 @@ ROOT_URLCONF = '{{ project_name }}.urls'
 
 TEMPLATE_DIRS = (
     # Put strings here, like "/home/html/django_templates".
+    # Always use forward slashes, even on Windows.
 )
 
 INSTALLED_APPS = (

django/core/mail.py

@@ -4,11 +4,14 @@ from django.conf.settings import DEFAULT_FROM_EMAIL, EMAIL_HOST, EMAIL_SUBJECT_P
 from email.MIMEText import MIMEText
 import smtplib
 
+class BadHeaderError(ValueError):
+    pass
+
 class SafeMIMEText(MIMEText):
     def __setitem__(self, name, val):
         "Forbids multi-line headers, to prevent header injection."
         if '\n' in val or '\r' in val:
-            raise ValueError, "Header values can't contain newlines (got %r for header %r)" % (val, name)
+            raise BadHeaderError, "Header values can't contain newlines (got %r for header %r)" % (val, name)
         MIMEText.__setitem__(self, name, val)
 
 def send_mail(subject, message, from_email, recipient_list, fail_silently=False):

docs/email.txt

@@ -127,24 +127,25 @@ scripts generate.
 The Django e-mail functions outlined above all protect against header injection
 by forbidding newlines in header values. If any ``subject``, ``from_email`` or
 ``recipient_list`` contains a newline, the e-mail function (e.g.
-``send_mail()``) will raise ``ValueError`` and, hence, will not send the
+``send_mail()``) will raise ``django.core.mail.BadHeaderError`` (a subclass of
-e-mail. It's your responsibility to validate all data before passing it to the
+``ValueError``) and, hence, will not send the e-mail. It's your responsibility
-e-mail functions.
+to validate all data before passing it to the e-mail functions.
 
 Here's an example view that takes a ``subject``, ``message`` and ``from_email``
 from the request's POST data, sends that to admin@example.com and redirects to
 "/contact/thanks/" when it's done::
 
-    from django.core.mail import send_mail
+    from django.core.mail import send_mail, BadHeaderError
 
     def send_email(request):
         subject = request.POST.get('subject', '')
         message = request.POST.get('message', '')
         from_email = request.POST.get('from_email', '')
-        if subject and message and from_email \
+        if subject and message and from_email:
-                and '\n' not in subject and '\n' not in message
+            try:
-                and '\n' not in from_email:
                 send_mail(subject, message, from_email, ['admin@example.com'])
+            except BadHeaderError:
+                return HttpResponse('Invalid header found.')
             return HttpResponseRedirect('/contact/thanks/')
         else:
             # In reality we'd use a manipulator

docs/settings.txt

@@ -584,8 +584,10 @@ TEMPLATE_DIRS
 
 Default: ``()`` (Empty tuple)
 
-List of locations of the template source files, in search order. See the
+List of locations of the template source files, in search order. Note that
-`template documentation`_.
+these paths should use Unix-style forward slashes, even on Windows.
+
+See the `template documentation`_.
 
 TEMPLATE_FILE_EXTENSION
 -----------------------

docs/templates_python.txt

@@ -388,6 +388,8 @@ that contain full paths to your template directory(ies). Example::
         "/home/html/templates/default",
     )
 
+Note that these paths should use Unix-style forward slashes, even on Windows.
+
 The Python API
 ~~~~~~~~~~~~~~