Bug #12, was updated on 2002-Apr-20 11:56
Here is a current snapshot of the bug.

Project: savannah
Category: Mail
Severity: 7
Priority: High
Bug Group: None
Resolution: Fixed
Assigned to: ljulliar
Status: Closed
Effort: 0.50
Summary: support e-mails eat backquoted text

Original Submission: The e-mails sent by the support system remove all text contained between backquotes (i.e., ascii character 0x60). For example, see support request #100533[1], and the e-mail that was sent to savannah-hackers[2].

1. http://savannah.gnu.org/support/?func=detailsupport&support_id=100533&group_id=11
2. http://mail.gnu.org/pipermail/savannah-hackers/2002-March/006446.html

http://savannah.gnu.org/support/?func=detailsupport&support_id=100534&group_id=11

Follow-Ups:
**********

-------------------------------------------------------
Date: 2002-Apr-20 22:49
By: ljulliar

Comment:
This was a bug in the utils.php function util_prep_string_for_sendmail where the backquote character was not escaped, causing the shell to interpret the backquoted text as a command instead of passing it as normal text to sendmail. All services sending followup mails (bug, task, patch, support) were affected. As you probably realize this was also a *major* security hole!!

`I include this text' to test that the `fix' is ok.

Impacted Files:
www/include/utils.php 1.10

For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=12&group_id=11
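
The failure mode and the fix described in the comment above, as an added example that is not Savannah's utils.php code. It assumes the mail path interpolated the message body into a double-quoted /bin/sh command string, uses cat as a stand-in for sendmail, and all function names are hypothetical.

```python
import re
import subprocess

# Constructed sample body; the backquoted command is deliberately harmless.
SAMPLE = "see `echo EXECUTED` for details"


def prep_unfixed(text):
    # Assumed pre-fix behaviour: backslash, double quote and dollar are
    # escaped, but the backquote (0x60) is missing from the set.
    return re.sub(r'([\\"$])', r'\\\1', text)


def prep_fixed(text):
    # Escape all four characters that /bin/sh still interprets inside a
    # double-quoted string: backslash, double quote, dollar, backquote.
    return re.sub(r'([\\"$`])', r'\\\1', text)


def send_via_shell(prep, body):
    # Assumption: the body is pasted into a command string run by /bin/sh.
    # `cat` stands in for sendmail and returns exactly what it would receive.
    cmd = 'printf %s "' + prep(body) + '" | cat'
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=True).stdout


def send_via_stdin(body):
    # No shell involved: the body travels on stdin, so there is nothing
    # to escape and no escape set that can be incomplete.
    return subprocess.run(["cat"], input=body, capture_output=True,
                          text=True, check=True).stdout


if __name__ == "__main__":
    print("unfixed:", send_via_shell(prep_unfixed, SAMPLE))
    print("fixed:  ", send_via_shell(prep_fixed, SAMPLE))
    print("stdin:  ", send_via_stdin(SAMPLE))
```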
