mirror of
https://github.com/pacnpal/django-anymail.git
synced 2025-12-20 03:41:05 -05:00
Mailgun/SendGrid inbound: workaround Django filename issue
Workaround for Django multipart/form-data limitation where certain attachment filenames cause fields to be dropped or to end up in request.POST rather than request.FILES. Handle the MultiValueDictKeyError in inbound webhooks when this has occurred. Also update docs to recommend avoiding the problem by using Mailgun and SendGrid's "raw MIME" options. Also handle reported cases of empty, duplicate keys in Mailgun's content-id-map. Fixes #272
This commit is contained in:
medmunds
@@ -395,17 +395,27 @@ class MailgunInboundWebhookView(MailgunBaseWebhookView):
|
||||
except (KeyError, TypeError):
|
||||
attachments = None
|
||||
else:
|
||||
# Load attachments from posted files: Mailgun file field names are 1-based
|
||||
att_ids = ['attachment-%d' % i for i in range(1, attachment_count+1)]
|
||||
att_cids = { # filename: content-id (invert content-id-map)
|
||||
att_id: cid for cid, att_id
|
||||
in json.loads(request.POST.get('content-id-map', '{}')).items()
|
||||
}
|
||||
attachments = [
|
||||
AnymailInboundMessage.construct_attachment_from_uploaded_file(
|
||||
request.FILES[att_id], content_id=att_cids.get(att_id, None))
|
||||
for att_id in att_ids
|
||||
]
|
||||
# Load attachments from posted files: attachment-1, attachment-2, etc.
|
||||
# content-id-map is {content-id: attachment-id}, identifying which files are inline attachments.
|
||||
# Invert it to {attachment-id: content-id}, while handling potentially duplicate content-ids.
|
||||
field_to_content_id = json.loads(
|
||||
request.POST.get('content-id-map', '{}'),
|
||||
object_pairs_hook=lambda pairs: {att_id: cid for (cid, att_id) in pairs})
|
||||
attachments = []
|
||||
for n in range(1, attachment_count+1):
|
||||
attachment_id = "attachment-%d" % n
|
||||
try:
|
||||
file = request.FILES[attachment_id]
|
||||
except KeyError:
|
||||
# Django's multipart/form-data handling drops FILES with certain
|
||||
# filenames (for security) or with empty filenames (Django ticket 15879).
|
||||
# (To avoid this problem, use Mailgun's "raw MIME" inbound option.)
|
||||
pass
|
||||
else:
|
||||
content_id = field_to_content_id.get(attachment_id)
|
||||
attachment = AnymailInboundMessage.construct_attachment_from_uploaded_file(
|
||||
file, content_id=content_id)
|
||||
attachments.append(attachment)
|
||||
|
||||
return AnymailInboundMessage.construct(
|
||||
headers=json.loads(request.POST['message-headers']), # includes From, To, Cc, Subject, etc.
|
||||
|
||||
@@ -181,12 +181,22 @@ class SendGridInboundWebhookView(AnymailBaseWebhookView):
|
||||
attachments = None
|
||||
else:
|
||||
# Load attachments from posted files
|
||||
attachments = [
|
||||
AnymailInboundMessage.construct_attachment_from_uploaded_file(
|
||||
request.FILES[att_id],
|
||||
content_id=attachment_info[att_id].get("content-id", None))
|
||||
for att_id in sorted(attachment_info.keys())
|
||||
]
|
||||
attachments = []
|
||||
for attachment_id in sorted(attachment_info.keys()):
|
||||
try:
|
||||
file = request.FILES[attachment_id]
|
||||
except KeyError:
|
||||
# Django's multipart/form-data handling drops FILES with certain
|
||||
# filenames (for security) or with empty filenames (Django ticket 15879).
|
||||
# (To avoid this problem, enable SendGrid's "raw, full MIME" inbound option.)
|
||||
pass
|
||||
else:
|
||||
# (This deliberately ignores attachment_info[attachment_id]["filename"],
|
||||
# which has not passed through Django's filename sanitization.)
|
||||
content_id = attachment_info[attachment_id].get("content-id")
|
||||
attachment = AnymailInboundMessage.construct_attachment_from_uploaded_file(
|
||||
file, content_id=content_id)
|
||||
attachments.append(attachment)
|
||||
|
||||
default_charset = request.POST.encoding.lower() # (probably utf-8)
|
||||
text = request.POST.get('text')
|
||||
|
||||
Reference in New Issue
Block a user