Re: [hypermail] Hypermail security < test <here> >

From: Peter C. McCluskey <pcm_at_rahul.net_at_hypermail-project.org>
Date: Wed, 14 Nov 2001 12:09:11 -0800 (PST)
Message-Id: <20011114200911.44AB81D9F_at_foxtrot.rahul.net>

 daniel_at_haxx.se (Daniel Stenberg) writes:
>> In terms of converting all < and > into &lt; and &gt;, could you point
>> out where it is done? I would like to double check that no spots are
>> missed - all parts of the message, including body, messageid, subject,
>> etc. need to be checked.
>
>The actual function that converts the letters is named 'convchars()' and is
>found in the src/string.c source file.
>
>There *could* be a spot somewhere where this isn't used, yes.

 It isn't used where addbody is called with the BODY_HTMLIZED flag, which unfortunately is more places than can be quickly understood. Most deal with attachments which shouldn't be converted. The attachment description wasn't being converted, and I just checked in a change to ensure that it is converted. I also checked in a change that converts attachment filenames ending in .shtml to end in .html instead.
 I will give further thought to these issues later.



Peter McCluskey          | Free Dmitry Sklyarov! http://www.freesklyarov.org/
http://www.rahul.net/pcm |

Received on Wed 14 Nov 2001 10:14:09 PM GMT

This archive was generated by hypermail 2.2.0 : Thu 22 Feb 2007 07:33:53 PM GMT
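The two fixes discussed in the message above (entity-encoding an attachment description, and renaming an attachment that ends in .shtml to end in .html), as an added C example that is not hypermail's code and is not part of the original thread. The names `escape_html` and `safe_attachment_name` are hypothetical; encoding `&` and `"` as well as `<` and `>`, and matching the suffix case-insensitively, go beyond what the thread states.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not hypermail's convchars(): returns a malloc'd copy
 * of s with HTML metacharacters replaced by entities. */
char *escape_html(const char *s)
{
    static const char *ent[256] = { ['&'] = "&amp;", ['<'] = "&lt;",
                                    ['>'] = "&gt;", ['"'] = "&quot;" };
    const unsigned char *p;
    size_t n = 0;
    for (p = (const unsigned char *)s; *p; p++)   /* pass 1: output size */
        n += ent[*p] ? strlen(ent[*p]) : 1;
    char *out = malloc(n + 1), *q = out;
    if (!out) return NULL;
    for (p = (const unsigned char *)s; *p; p++) { /* pass 2: copy/encode */
        if (ent[*p]) { strcpy(q, ent[*p]); q += strlen(ent[*p]); }
        else *q++ = (char)*p;
    }
    *q = '\0';
    return out;
}

/* Hypothetical helper: malloc'd copy of name whose trailing ".shtml" becomes
 * ".html". Matching case-insensitively is this example's assumption. */
char *safe_attachment_name(const char *name)
{
    static const char suffix[] = ".shtml";
    size_t len = strlen(name), sl = sizeof suffix - 1;
    char *out = malloc(len + 1);
    if (!out) return NULL;
    strcpy(out, name);
    if (len < sl) return out;                     /* too short to match */
    for (size_t i = 0; i < sl; i++)
        if (tolower((unsigned char)name[len - sl + i]) != suffix[i])
            return out;                           /* different extension */
    strcpy(out + len - sl, ".html");              /* shorter, so it fits */
    return out;
}

int main(void)
{
    char *d = escape_html("plan <b>v2</b> & \"notes\""); /* constructed */
    char *f = safe_attachment_name("index.SHTML");       /* constructed */
    if (d && f) printf("%s\n%s\n", d, f);
    free(d); free(f);
    return 0;
}
```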