0

I have built a custom invite app for my site. To activate an invite you must follow a link sent to your email.

The issue then becomes, my email sending function is having trouble sending a string as a message that looks like this: 

custom_message = "http://www.something.com%s" % invite.get_absolute_url()

After numerous tests, it seems the issue has to do with the :, since everything seems to work fine without it.

I don't need the colon, as I could just leave the entirety of http:// out. But I am curious why the function won't work when passing this string to my send_custom_email() function

For reference, this is my my email sending function:

def send_custom_email(recipient, custom_message):

    to = recipient
    gmail_user = 'someone@gmail.com'
    gmail_pwd = GMAIL_PWD
    smtpserver = smtplib.SMTP("smtp.gmail.com",587)
    smtpserver.ehlo()
    smtpserver.starttls()
    smtpserver.ehlo
    smtpserver.login(gmail_user, gmail_pwd)
    header = 'To:' + to + '\n' + 'From: ' + gmail_user + '\n' + 'Subject:Invite Link \n'
    print header

    unicoded_custom_message = unicode(custom_message)
    msg = header + unicoded_custom_message

    smtpserver.sendmail(gmail_user, to, msg)
    print 'done!'
    smtpserver.close()

A test:

>>> custom_message ="http://www.somesite.com%s"
>>> send_custom_email(recipient='someotherperson@mailinator.com', custom_message=custom_message)
To:someone@mailinator.com
From: someotherperson@gmail.com
Subject:Invite Link

done!

Although the email is sent, the message doesn't render

ApathyBear
  • 9,057
  • 14
  • 56
  • 90
  • Is this example complete? I expected to see a formatting operator (`%`) or a call to `.format()`. – Brian Cain Oct 31 '14 at 02:17
  • 1
    You say you're "having trouble" and that the issue "seems" to be with the colon, but don't specify the errors you're getting, so it's impossible to know what's going on here. Please provide as much info as you can. – Totem Oct 31 '14 at 02:17
  • I have updated the contents of `custom_message` in my OP to include the formatter. The reason I left it out is because it seemed irrelevant. As for the error, I am not receiving any errors, this is the problem. The entire string simply is not included in the body of the message. It is completely missing, but it seems to fail silently. – ApathyBear Oct 31 '14 at 02:25
  • On the other hand, when `custom_message = 'www.somesite.com&s' % invite.get_absolute_url()`, Then the string is sent fine in the body of the email. – ApathyBear Oct 31 '14 at 02:28

1 Answers1

2

The email generated violates the format for emails:

There has to be a space after the key of a header and there have to be two newlines so separate the message:

header = 'To: ' + to + '\n' + 'From: ' + gmail_user + '\n' + 'Subject: Invite Link \n\n'

As you are constructing it, the link is interpreted as email header.

Also you should consider using Django's built-in email function. Your code is vulnerable tp header injections. Please read: https://docs.djangoproject.com/en/dev/topics/email/ !

Klaus D.
  • 13,874
  • 5
  • 41
  • 48