[dev] Re: [cvs] commit: imp/lib/MIME/Viewer tnef.php

Chuck Hagenbuch chuck@horde.org
Mon, 3 Jun 2002 23:32:47 -0400


Quoting Michael M Slusarz <slusarz@bigworm.colorado.edu>:

> But... this functionality is needed.  The offending code was what actually
> displayed the attachments.  The current code will simply list the 
> attachments that occur inside of a TNEF attachment - of very limited 
> usefulness.  The security hole part is what actually returns the data to 
> the user.  Instead of passing the filename back to the MIME Viewer, I
> will instead pass the position of the file in the TNEF attachment - this
> should circumvent any security issues.

As long as you check boundary conditions that might cause errors (not sure
how passing in a before the beginning/after the end position might affect
things here), that should be fine, yeah...

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"What was and what may be, lie, like children whose faces we cannot see, in 
the arms of silence. All we ever have is here, now." - Ursula K. Le Guin
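
The approach discussed in this thread (select the embedded file by its position, with boundary checks), shown as an added PHP example; it is not part of the original messages and is not Horde/IMP code. The function name `selectTnefAttachment`, the attachment array shape and the sample data are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not Horde/IMP code): pick one attachment out of the
 * list decoded from a TNEF blob, using a client-supplied position.
 *
 * $attachments: list of ['name' => string, 'data' => string]; this shape is
 * an assumption about what a TNEF decoder returns.
 * $rawPosition: untrusted request value.
 * Returns the attachment, or null when the position is not usable.
 */
function selectTnefAttachment(array $attachments, $rawPosition): ?array
{
    $attachments = array_values($attachments); // force keys 0..n-1
    $count = count($attachments);
    if ($count === 0 || !is_scalar($rawPosition)) {
        return null; // empty list, or an array/object/null was submitted
    }

    // Strict integer parse and range check in one step: rejects "1abc",
    // "1.5", "", negative values and anything past the last element.
    $pos = filter_var($rawPosition, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => $count - 1],
    ]);
    if ($pos === false) { // must be ===, because position 0 is valid
        return null;
    }

    // The request value is only ever used as an index into data the server
    // decoded itself; no client-supplied name reaches this lookup.
    return $attachments[$pos];
}

// Constructed sample data standing in for a decoded TNEF attachment list.
$decoded = [
    ['name' => 'report.doc', 'data' => 'AAAA'],
    ['name' => 'notes.txt',  'data' => 'BBBBBB'],
];

// Constructed request values: valid positions, both boundary violations,
// a trailing-garbage number, a filename instead of a position, an array.
foreach (['0', '1', '2', '-1', '1abc', 'report.doc', ['0']] as $input) {
    $hit = selectTnefAttachment($decoded, $input);
    $result = $hit === null ? 'rejected' : strlen($hit['data']) . ' bytes';
    printf("%-14s => %s\n", json_encode($input), $result);
}
```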