Hi there, This opens the possibility of making things like images/../../../../blah.txt You get the idea, right? If other directories should be allowed, then these should be speciffically allowed I think. Like:
elsif ($fil !~ /^(images\/|notes\/)?[\w-\.]+\.txt$/i){ What do you think? Regards! Javier ----- Original Message ----- From: <[EMAIL PROTECTED]> To: "Questions and Answers for users of ASSP Anti-Spam SMTP Proxy" <assp-user@lists.sourceforge.net> Sent: Friday, August 18, 2006 5:33 AM Subject: [Assp-user] Unallowed file > 1.2.5(6) stops the functioning of the notes files. > > path is notes/xxx.txt and the slash is not allowed. > > if line 7431: elsif ($fil !~ /^[\w-\.]+\.txt$/i){ > > becomes elsif ($fil !~ /^[\w][\w-\.\/]+\.txt$/i){ > > then the path (if present) has to be below the base and the notes are > functioning again. > > Paul > > > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job > easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Assp-user mailing list > Assp-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-user > > ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Assp-user mailing list Assp-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-user