[horde] To: and From: formatting problem
Chris
bsd at 1command.com
Wed Mar 1 08:56:32 PST 2006
Hello, and thank you for your reply.
Quoting Chuck Hagenbuch <chuck at horde.org>:
> Quoting Chris <bsd at 1command.com>:
>
>> The previous version didn't do this.
>
> IMP has done this since version 1.x.
>
>> It would appear that this could easily be a security risk - even
>> greater than that of the last version. As it isn't properly handling
>> input on the To: and/ or From:. It shouldn't be possible to place
>> potential operators on these lines. As it provides the ability to
>> create scripts that can cause undesired manipulation.
>
> What on earth are you talking about?
What I am trying to say, is that it places the To:
(letter T, letter o *and* a colon) *as well* as my email address in the
From column. The previous version didn't do this. It shouldn't be permitted
to place potential operators (#@!$%^&*()_-+=`~'"?/>.<,) in the From: or To:
fields. Nor should they be sent or recieved. I'm sure that this is a potential
risk.
Thanks again for your reply.
--Chris
>
> -chuck
>
> --
> "we are plastered to the windshield of the bus that is time." - Chris
> --
> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>
----------------------------------------------------------------
FreeBSD 5.5-PRERELEASE MAIL04 Fri Feb 24 16:59:38 PST 2006
////////////////////////////////////////////////////////////////
More information about the horde
mailing list