Re: RFC gurus? TB trashes attachments

Mon, 18 Sep 2000 11:00:11 -0700 


On Monday, September 18, 2000 at 7:21:46 PM you wrote:

Yet  another  followup:  I  have  solved  the question whose fault the
problem  is... it's in fact TB. Here's a snippet from the paragraph on
the filename parameter from RFC 2183 about "Content-Disposition":

-------------------------------- snip --------------------------------

2.3  The Filename Parameter

   The sender may want to suggest a filename to be used if the entity is
   detached and stored in a separate file. If the receiving MUA writes
   the entity to a file, the suggested filename should be used as a
   basis for the actual filename, where possible.

   It is important that the receiving MUA not blindly use the suggested
   filename.  The suggested filename SHOULD be checked (and possibly
   changed) to see that it conforms to local filesystem conventions,
   does not overwrite an existing file, and does not present a security
   problem (see Security Considerations below).

   The receiving MUA SHOULD NOT respect any directory path information
   that may seem to be present in the filename parameter.  The filename
   should be treated as a terminal component only.  Portable
   specification of directory paths might possibly be done in the future
   via a separate Content-Disposition parameter, but no provision is
   made for it in this draft.

-------------------------------- snip --------------------------------

As you can see, the RFC clearly states that the MUA should not respect
any  directory  information  given  in the file name, thereby implying
that this path information itself is not forbidden in the parameter.

I'll write this up and submit a bug report to RITLABS.

Oliver Sturm

-- 
Always proofread carefully in case you something out.
-- 
Oliver Sturm / <[EMAIL PROTECTED]>

Key ID: 71D86996
Fingerprint: 8085 5C52 60B8 EFBD DAD0  78B8 CE7F 38D7 71D8 6996

-- 
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
   <mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
   <mailto:[EMAIL PROTECTED]>
--------------------------------------------------------------

You are subscribed as : [email protected]


[ attachment has been remove by MDaemon ]

Reply via email to