Inbound: sanitize CRNL in ESP-parsed attachment filenames

medmunds · medmunds · commit 1cbe9d8f45e3 · 2026-04-18T11:29:25.000-07:00
Fixes #465.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -41,6 +41,14 @@ Features
 
 * **Resend:** Add support for inbound email. (Thanks to `@btimby`_.)
 
+Fixes
+~~~~~
+
+* **Inbound:** Convert carriage return and line feed characters in attachment
+  filenames to spaces for ESPs that parse them from invalid headers (e.g.,
+  Postmark). (Thanks to `@BHSPitMonkey`_ for reporting the issue and providing
+  an example.)
+
 
 v14.0
 -----
@@ -1959,6 +1967,7 @@ Features
 .. _@b0d0nne11: https://github.com/b0d0nne11
 .. _@blag: https://github.com/blag
 .. _@btimby: https://github.com/btimby
+.. _@BHSPitMonkey: https://github.com/BHSPitMonkey
 .. _@cahna: https://github.com/cahna
 .. _@calvin: https://github.com/calvin
 .. _@carrerasrodrigo: https://github.com/carrerasrodrigo
diff --git a/anymail/inbound.py b/anymail/inbound.py
@@ -1,3 +1,4 @@
+import re
 import warnings
 from base64 import b64decode
 from email.message import EmailMessage
@@ -393,6 +394,8 @@ def construct_attachment(
         )
 
         if filename is not None:
+            # Replace CR/NL sequences with a space. See issue #465.
+            filename = re.sub(r"[\r\n]+", " ", filename)
             part.set_param("name", filename, header="Content-Type")
             part.set_param("filename", filename, header="Content-Disposition")
 
diff --git a/tests/test_inbound.py b/tests/test_inbound.py
@@ -203,6 +203,20 @@ def test_construct_attachment_unicode_filename(self):
         self.assertTrue(att.is_inline())
         self.assertEqual(att.get_content_text(), "Unicode ✓")
 
+    def test_construct_attachment_crnl_in_filename(self):
+        # Issue #465: Postmark (at least) decodes newlines out of this header:
+        #   Content-Disposition: inline;
+        #    filename="=?iso-8859-1?Q?Outlook-Icon=0A=0ADesc.png?="
+        # leading to the ValueError "Header values may not contain linefeed or
+        # carriage return characters" when Anymail tries to use that filename
+        # in Python's EmailMessage.
+        att = AnymailInboundMessage.construct_attachment(
+            content_type="text/plain",
+            content="content",
+            filename="Outlook-Icon\n\nDec.png",
+        )
+        self.assertEqual(att.get_filename(), "Outlook-Icon Dec.png")
+
     def test_parse_raw_mime(self):
         # (we're not trying to exhaustively test email.parser MIME handling here;
         # just that AnymailInboundMessage.parse_raw_mime calls it correctly)
