On 15/10/2010 8:26 PM, Kevin A. McGrail wrote:
Nigel,
His point, I believe, is more to add something to sanitize the subject line.
It doesn't matter if they are in another dir.
Otherwise, a subject such as ../../../../.... could have exploit/dos potential.
Something like $subject =~ s/[^-a-z0-9 _]//gi; would be a good start.
Regards,
Thanks Kevin. I actually did get that bit.
I was just referring to the folder vulnerability as a separate issue.
Thanks for the heads up though.
Appreciate the input.
N/
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
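
An added example, not code from the thread or from MIMEDefang: a Perl helper that applies the character whitelist suggested above to every character of an untrusted subject before it becomes part of a path. The helper name `safe_subject_name`, the 64-character cap, the `no-subject` fallback, the `/var/spool/archive` directory and the use of the subject as a file name are assumptions; the sample subjects are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

my $MAX_LEN = 64;    # assumed cap so a huge subject cannot produce an over-long name

# Hypothetical helper: reduce an untrusted Subject header to a safe name component.
sub safe_subject_name {
    my ($subject) = @_;
    $subject = '' unless defined $subject;

    # Whitelist from the thread. /g removes every disallowed character,
    # which covers '.', '/', '\', NUL bytes and embedded newlines.
    $subject =~ s/[^-a-z0-9 _]//gi;

    $subject =~ s/\A[\s-]+//;                   # no leading blanks or option-like '-'
    $subject = substr($subject, 0, $MAX_LEN);   # bound the length
    $subject =~ s/\s+\z//;                      # no trailing blanks after truncation

    # A subject made only of stripped characters must not yield an empty name.
    return length($subject) ? $subject : 'no-subject';
}

my $base = '/var/spool/archive';    # assumed target directory

# Constructed sample subjects, including traversal and oversized input.
my @samples = (
    '../../../../etc/passwd',
    "Invoice\n../x",
    '....',
    '-rf *',
    'A' x 500,
    'Weekly report_42',
);

for my $raw (@samples) {
    my $name = safe_subject_name($raw);
    (my $shown = substr($raw, 0, 30)) =~ s/[^\x20-\x7e]/?/g;   # printable preview only
    printf "%-32s -> %s\n", $shown, File::Spec->catfile($base, $name);
}
```

Sanitized names can collide (two different subjects may reduce to the same string), so a caller that needs unique files should add its own unique suffix.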