Re: [hypermail] Hypermail security < test <here> >

From: Peter C. McCluskey <>
Date: Wed, 14 Nov 2001 12:09:11 -0800 (PST)
Message-Id: <> (Daniel Stenberg) writes:
>> In terms of converting all < and > into &lt; and &gt;, could you point
>> out where it is done? I would like to double check that no spots are
>> missed - all parts of the message, including body, messageid, subject,
>> etc. need to be checked.
>The actual function that converts the letters is named 'convchars()' and is
>found in the src/string.c source file.
>There *could* be a spot somewhere where this isn't used, yes.

 It isn't used where addbody is called with the BODY_HTMLIZED flag, which unfortunately is more places than can be quickly understood. Most deal with attachments which shouldn't be converted.  The attachment description wasn't being converted, and I just checked in a change to insure that it is converted.  I also checked in a change that converts attachment filenames ending in .shtml to end in .html instead.
 I will give further thought to these issues later.

Peter McCluskey | Free Dmitry Sklyarov! | Received on Wed 14 Nov 2001 10:14:09 PM GMT

This archive was generated by hypermail 2.2.0 : Thu 22 Feb 2007 07:33:53 PM GMT GMT