Properly encode path components used to construct API URLs

Resolves #144 and similar potential issues
2025-12-20 03:41:05 -05:00 · 2019-02-23 15:27:41 -08:00
parent 578bad9a57
commit dabbdad3bd
4 changed files with 18 additions and 8 deletions
--- a/anymail/backends/mailgun.py
+++ b/anymail/backends/mailgun.py
@@ -1,6 +1,6 @@
 from datetime import datetime
 from email.utils import encode_rfc2231
-from six.moves.urllib.parse import quote_plus
+from six.moves.urllib.parse import quote

 from requests import Request

@@ -82,12 +82,12 @@ class MailgunPayload(RequestsPayload):
                               "Either provide valid `from_email`, "
                               "or set `message.esp_extra={'sender_domain': 'example.com'}`",
                               backend=self.backend, email_message=self.message, payload=self)
-        if '/' in self.sender_domain or '%' in self.sender_domain:
+        if '/' in self.sender_domain or '%2f' in self.sender_domain.lower():
            # Mailgun returns a cryptic 200-OK "Mailgun Magnificent API" response
            # if '/' (or even %-encoded '/') confuses it about the API endpoint.
-            raise AnymailError("Invalid sender domain '%s'" % self.sender_domain,
+            raise AnymailError("Invalid '/' in sender domain '%s'" % self.sender_domain,
                               backend=self.backend, email_message=self.message, payload=self)
-        return "%s/messages" % quote_plus(self.sender_domain)
+        return "%s/messages" % quote(self.sender_domain, safe='')

    def get_request_params(self, api_url):
        params = super(MailgunPayload, self).get_request_params(api_url)
--- a/anymail/backends/mailjet.py
+++ b/anymail/backends/mailjet.py
@@ -1,3 +1,5 @@
+from six.moves.urllib.parse import quote
+
 from ..exceptions import AnymailRequestsAPIError
 from ..message import AnymailRecipientStatus, ANYMAIL_STATUSES
 from ..utils import get_anymail_setting, EmailAddress, parse_address_list
@@ -131,7 +133,7 @@ class MailjetPayload(RequestsPayload):
        template_id = self.data.get("Mj-TemplateID")
        if template_id and not self.data.get("FromEmail"):
            response = self.backend.session.get(
-                "%sREST/template/%s/detailcontent" % (self.backend.api_url, template_id),
+                "%sREST/template/%s/detailcontent" % (self.backend.api_url, quote(str(template_id), safe='')),
                auth=self.auth, timeout=self.backend.timeout
            )
            self.backend.raise_for_status(response, None, self.message)
--- a/anymail/backends/sendinblue.py
+++ b/anymail/backends/sendinblue.py
@@ -1,4 +1,5 @@
 from requests.structures import CaseInsensitiveDict
+from six.moves.urllib.parse import quote

 from .base_requests import AnymailRequestsBackend, RequestsPayload
 from ..exceptions import AnymailRequestsAPIError
@@ -76,7 +77,7 @@ class SendinBluePayload(RequestsPayload):

    def get_api_endpoint(self):
        if self.template_id:
-            return "smtp/templates/%s/send" % self.template_id
+            return "smtp/templates/%s/send" % quote(str(self.template_id), safe='')
        else:
            return "smtp/email"