Hi there,
This opens the possibility of making things like
images/../../../../blah.txt
You get the idea, right?
If other directories should be allowed, then these should be
speciffically allowed I think.
Like:
elsif ($fil !~ /^(images\/|notes\/)?[\w-\.]+\.txt$/i){
What do you think?
Regards!
Javier
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: "Questions and Answers for users of ASSP Anti-Spam SMTP Proxy"
<assp-user@lists.sourceforge.net>
Sent: Friday, August 18, 2006 5:33 AM
Subject: [Assp-user] Unallowed file
> 1.2.5(6) stops the functioning of the notes files.
>
> path is notes/xxx.txt and the slash is not allowed.
>
> if line 7431: elsif ($fil !~ /^[\w-\.]+\.txt$/i){
>
> becomes elsif ($fil !~ /^[\w][\w-\.\/]+\.txt$/i){
>
> then the path (if present) has to be below the base and the notes are
> functioning again.
>
> Paul
>
>
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Assp-user mailing list
> Assp-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/assp-user
>
>
-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
