[horde] imp's new trailer hook
witscher at gmail.com
Sun Sep 8 18:09:56 UTC 2013
Quoting Michael M Slusarz <slusarz at horde.org>:
> Quoting Gary <witscher at gmail.com>:
>> I've been playing with the new parameters for the trailer hook in
>> imp. I get a value for the $to variable but not for the $identity
>> variable. I'm not much good at php, can anyone help me figure this
> $identity is an object, not a string:
>> * @param IMP_Prefs_Identity $identity The identity object of
>> the sender.
> So this isn't going to output anything:
>> "This message was sent by: " . $identity . "\n" .
> Since $identity doesn't have an automatic string representation.
> Object documentation can be found here:
> Just a note: your code opens up a fairly substantial security hole
> if adding a trailer to an HTML message, since your current code does
> not escape any harmful content that you may be inserting into the
> message. So you need to look out for that.
Thank you for the documentation link. Not being a php person it took
me a while to figure out how to use it, but I got there in the end.
This works really well and is way more flexible than I have use for.
You have taken it to a whole new level.
The code I quoted was just experimental code, so I could try and see
what values I would be dealing with. The code I'm using reads in
fortune files from disk, world readable, owner writable. Hopefully
that won't create the security hole that you speak of. Perhaps you
have at hand a link to documentation regarding these types of security
holes? If so, I'd like to take a look at it.
Thank you for a very useful update,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 490 bytes
Desc: PGP Digital Signature
More information about the horde