On Tue, 3 Jan 2006, Joseph Brennan wrote:
WSJ.com - Cutting Hedge_ Law Firm Grows With Funds.pdf
It must be because of the ".com " in the name.
Why do we not just test the value of lc($ext), rather than pass the
entire entity to filter_bad_filename? Is there some form of obfuscation
in which the filename could be WSJ.com followed by random text?
This is in order to prevent using a partial name, when using invalid MIME
syntax, e.g.:
Content/type=application/octet-string;
filename=WSJ.com - Cutting Hedge_Law Firm Grows With Funds.pdf
Note the missing quotes of the filename tag.
There are reports that some MUAs ignore the text after the ".com" part
and, hence, would treat the attachment as executable file.
MIMEDefang does not know whether there are quotes or not, hence, it
assumes that they are not.
Bye,
--
Steffen Kaiser
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
