py_tasks_melange: thirdparty/google_appengine/lib/django/docs/email.txt@27971a13089f (annotated)

109 620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	1	==============
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	2	Sending e-mail
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	3	==============
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	4
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	5	Although Python makes sending e-mail relatively easy via the `smtplib library`_,
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	6	Django provides a couple of light wrappers over it, to make sending e-mail
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	7	extra quick.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	8
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	9	The code lives in a single module: ``django.core.mail``.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	10
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	11	.. _smtplib library: http://www.python.org/doc/current/lib/module-smtplib.html
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	12
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	13	Quick example
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	14	=============
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	15
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	16	In two lines::
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	17
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	18	from django.core.mail import send_mail
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	19
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	20	send_mail('Subject here', 'Here is the message.', 'from@example.com',
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	21	['to@example.com'], fail_silently=False)
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	22
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	23	.. note::
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	24
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	25	The character set of email sent with ``django.core.mail`` will be set to
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	26	the value of your `DEFAULT_CHARSET setting`_.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	27
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	28	.. _DEFAULT_CHARSET setting: ../settings/#DEFAULT_CHARSET
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	29
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	30	send_mail()
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	31	===========
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	32
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	33	The simplest way to send e-mail is using the function
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	34	``django.core.mail.send_mail()``. Here's its definition::
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	35
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	36	send_mail(subject, message, from_email, recipient_list,
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	37	fail_silently=False, auth_user=None,
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	38	auth_password=None)
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	39
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	40	The ``subject``, ``message``, ``from_email`` and ``recipient_list`` parameters
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	41	are required.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	42
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	43	* ``subject``: A string.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	44	* ``message``: A string.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	45	* ``from_email``: A string.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	46	* ``recipient_list``: A list of strings, each an e-mail address. Each
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	47	member of ``recipient_list`` will see the other recipients in the "To:"
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	48	field of the e-mail message.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	49	* ``fail_silently``: A boolean. If it's ``False``, ``send_mail`` will raise
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	50	an ``smtplib.SMTPException``. See the `smtplib docs`_ for a list of
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	51	possible exceptions, all of which are subclasses of ``SMTPException``.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	52	* ``auth_user``: The optional username to use to authenticate to the SMTP
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	53	server. If this isn't provided, Django will use the value of the
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	54	``EMAIL_HOST_USER`` setting.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	55	* ``auth_password``: The optional password to use to authenticate to the
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	56	SMTP server. If this isn't provided, Django will use the value of the
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	57	``EMAIL_HOST_PASSWORD`` setting.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	58
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	59	.. _smtplib docs: http://www.python.org/doc/current/lib/module-smtplib.html
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	60
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	61	send_mass_mail()
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	62	================
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	63
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	64	``django.core.mail.send_mass_mail()`` is intended to handle mass e-mailing.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	65	Here's the definition::
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	66
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	67	send_mass_mail(datatuple, fail_silently=False,
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	68	auth_user=None, auth_password=None):
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	69
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	70	``datatuple`` is a tuple in which each element is in this format::
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	71
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	72	(subject, message, from_email, recipient_list)
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	73
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	74	``fail_silently``, ``auth_user`` and ``auth_password`` have the same functions
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	75	as in ``send_mail()``.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	76
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	77	Each separate element of ``datatuple`` results in a separate e-mail message.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	78	As in ``send_mail()``, recipients in the same ``recipient_list`` will all see
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	79	the other addresses in the e-mail messages's "To:" field.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	80
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	81	send_mass_mail() vs. send_mail()
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	82	--------------------------------
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	83
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	84	The main difference between ``send_mass_mail()`` and ``send_mail()`` is that
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	85	``send_mail()`` opens a connection to the mail server each time it's executed,
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	86	while ``send_mass_mail()`` uses a single connection for all of its messages.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	87	This makes ``send_mass_mail()`` slightly more efficient.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	88
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	89	mail_admins()
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	90	=============
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	91
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	92	``django.core.mail.mail_admins()`` is a shortcut for sending an e-mail to the
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	93	site admins, as defined in the `ADMINS setting`_. Here's the definition::
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	94
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	95	mail_admins(subject, message, fail_silently=False)
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	96
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	97	``mail_admins()`` prefixes the subject with the value of the
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	98	`EMAIL_SUBJECT_PREFIX setting`_, which is ``"[Django] "`` by default.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	99
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	100	The "From:" header of the e-mail will be the value of the `SERVER_EMAIL setting`_.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	101
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	102	This method exists for convenience and readability.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	103
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	104	.. _ADMINS setting: ../settings/#admins
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	105	.. _EMAIL_SUBJECT_PREFIX setting: ../settings/#email-subject-prefix
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	106	.. _SERVER_EMAIL setting: ../settings/#server-email
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	107
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	108	mail_managers() function
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	109	========================
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	110
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	111	``django.core.mail.mail_managers()`` is just like ``mail_admins()``, except it
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	112	sends an e-mail to the site managers, as defined in the `MANAGERS setting`_.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	113	Here's the definition::
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	114
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	115	mail_managers(subject, message, fail_silently=False)
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	116
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	117	.. _MANAGERS setting: ../settings/#managers
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	118
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	119	Examples
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	120	========
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	121
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	122	This sends a single e-mail to john@example.com and jane@example.com, with them
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	123	both appearing in the "To:"::
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	124
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	125	send_mail('Subject', 'Message.', 'from@example.com',
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	126	['john@example.com', 'jane@example.com'])
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	127
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	128	This sends a message to john@example.com and jane@example.com, with them both
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	129	receiving a separate e-mail::
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	130
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	131	datatuple = (
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	132	('Subject', 'Message.', 'from@example.com', ['john@example.com']),
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	133	('Subject', 'Message.', 'from@example.com', ['jane@example.com']),
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	134	)
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	135	send_mass_mail(datatuple)
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	136
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	137	Preventing header injection
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	138	===========================
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	139
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	140	`Header injection`_ is a security exploit in which an attacker inserts extra
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	141	e-mail headers to control the "To:" and "From:" in e-mail messages that your
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	142	scripts generate.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	143
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	144	The Django e-mail functions outlined above all protect against header injection
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	145	by forbidding newlines in header values. If any ``subject``, ``from_email`` or
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	146	``recipient_list`` contains a newline (in either Unix, Windows or Mac style),
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	147	the e-mail function (e.g. ``send_mail()``) will raise
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	148	``django.core.mail.BadHeaderError`` (a subclass of ``ValueError``) and, hence,
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	149	will not send the e-mail. It's your responsibility to validate all data before
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	150	passing it to the e-mail functions.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	151
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	152	If a ``message`` contains headers at the start of the string, the headers will
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	153	simply be printed as the first bit of the e-mail message.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	154
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	155	Here's an example view that takes a ``subject``, ``message`` and ``from_email``
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	156	from the request's POST data, sends that to admin@example.com and redirects to
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	157	"/contact/thanks/" when it's done::
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	158
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	159	from django.core.mail import send_mail, BadHeaderError
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	160
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	161	def send_email(request):
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	162	subject = request.POST.get('subject', '')
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	163	message = request.POST.get('message', '')
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	164	from_email = request.POST.get('from_email', '')
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	165	if subject and message and from_email:
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	166	try:
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	167	send_mail(subject, message, from_email, ['admin@example.com'])
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	168	except BadHeaderError:
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	169	return HttpResponse('Invalid header found.')
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	170	return HttpResponseRedirect('/contact/thanks/')
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	171	else:
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	172	# In reality we'd use a manipulator
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	173	# to get proper validation errors.
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	174	return HttpResponse('Make sure all fields are entered and valid.')
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	175
620f9b141567 Load ../../google_appengine into trunk/thirdparty/google_appengine. Todd Larsen <tlarsen@google.com> parents: diff changeset	176	.. _Header injection: http://securephp.damonkohler.com/index.php/Email_Injection

author	Lennard de Rijk <ljvderijk@gmail.com>
	Sat, 05 Sep 2009 14:04:24 +0200
changeset 2862	27971a13089f
parent 109	620f9b141567
permissions	-rw-r--r--