http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4748
Summary: add ExpressionEngine redirector pattern
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: Rules
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
On 12/23/2005 5:25 AM, [EMAIL PROTECTED] wrote:
> Author: hstern
> Date: Fri Dec 23 02:25:41 2005
> New Revision: 358787
>
> URL: http://svn.apache.org/viewcvs?rev=358787&view=rev
> Log:
> * hstern: added sandbox directory
> * hstern/20_uri_tests.cf: added redirector pattern for ExpressionEngine, a
> piece of blogging software that has an open redirector in it.
> +# ExpressionEngine redirector
> +# see http://www.pmachine.com/forums/viewthread/29561/
> +# e.g.
> http://www.someEEBasedSite.com/index.php?URL=http://www.NastyPR0nSite.com
> +# e.g. http://www.pmachine.com/ee/knowledgeblog/?URL=http://www.google.com
> +redirector_pattern m'/(?:index.php)?\?.*(?<=[?&])URL=(.*?)(?:$|[&\#])'i
I was going to say that these should be caught since they've got 'http://' in
them, but they don't actually require a scheme to be present to work.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
