-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 30 Aug 2010, Joseph Brennan wrote:
$re = '\.' . $bad_exts . '\.*$';
This catches harmless example.com.pdf and more complicated things.
Hmm, musing here, because I do not have a system to test with:
what happens if you save "example.com.pdf" on a 8.3 filesystem?
I have forgotten what evil can be done with a trailing dot, but before
I commit foolishness by changing $re, I thought I'd ask.
same here. Maybe there are other circumstances, in which a trailing dot is
simply ignored for user's sake. IMHO a trailing dot is suspicious. If you
rename "oldname.txt" with Windows explorer to "newname.txt...........",
you get a warning about a probably unusable filename, but the result is
"newname.txt".
Regards,
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBTJHjWEgddVksjRnHAQI2AggArw7SW73Wgwmqlwazt2xOgxWQrFr1FnDy
OslKcQOPwnEZf4lk0eVItzKXGmji2x5GsnusJRhwMYbtNOTfpSVpl5qZ0V6ikzLO
hXl0JNryzcLcjEeJiY4xJhRoeNLTMpMlb+SlyX3Xvt19UgWkup826PY0Aob7CB/8
3AYVP/i7AmPRuGffqzg6xpcNEAbHD8K8pUHqNUaL1+yF0ZCz/Yck1Tjz8eA6bTA6
LBdMutRMDOqUyzCb0oK5Uk39eC0PjtewZ2ugQov1fgP8qZXemoSNXo9nmrBWphUL
+fa/nHkc5e0v29c7/j+qFXgpIqLgVLmrp0HfoxPP2ktztHgmaH1d1g==
=GeFL
-----END PGP SIGNATURE-----
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
