http://bugzilla.spamassassin.org/show_bug.cgi?id=3369
Summary: URI obfuscation using %hex breaks a lot of uri tests
Product: Spamassassin
Version: 2.63
Platform: All
URL: http://web.da-
us.citibank.com%2E%75%73%65%72%73%65%74%2E%6E%65%74:%34%
39%30%33/%63/%69%6E%64%65%78%2E%68%74%6D
OS/Version: other
Status: NEW
Severity: normal
Priority: P5
Component: spamassassin
AssignedTo: [EMAIL PROTECTED]
ReportedBy: [EMAIL PROTECTED]
I've been experimenting with regexes that catch redirectors, unusual ports and
such, but an url like:
http://web.da-us.citibank.com%2E%75%73%65%72%73%65%74%2E%6E%65%74:%34%39%30%33/%63/%69%6E%64%65%78%2E%68%74%6D
sidesteps most of them because the values I'm checking for are obfuscated using
%hex. Currently I've rewritten my rules to keep this in mind, but it makes them
very hard to read.
It would be nice if we would be able to test against 'decodeduri' instead of
'uri' which will have decoded all uri escape codes.
Even better would be to rename the current uri scope to rawuri and decode the
uri scope by default.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
