[imp] From line creation? (2.2.4)

Marius Strom marius@marius.org
Wed, 7 Feb 2001 14:56:17 -0600

Previous message: [imp] Problem with attachements
Next message: newbie questions
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

IIRC RFC821 and 822 don't expressly disallow spaces.  However, using
escapeShellCmd() and bombing on a semicolon (and most other punctuation,
IMHO) would be a good thing.

Also, I've never actually seen the use of a space in an email name, so I
think in the issue of increased security at the risk of miniscule side
effects, bombing on a space would be good.  In that thread though, why
break one of the RFC's. (Let's not start that war again)

Perhaps a config flag change to alternate between these methods, heavily
commented stating that you will be breaking an RFC if you filter by
space?

On Wed, Feb 07, 2001 at 03:39:38PM -0500, Chuck Hagenbuch wrote:
> Quoting Rich Lafferty <rich@horde.org>:
> 
> > That'll break on legal addresses such as <*@qz.to>. Would addslashes()
> > solve the particularly evil cases?
> 
> We already run it through escapeShellCmd(). Right now I'm wondering if that's 
> enough, or if perhaps bombing out if either a space or a semi-colon will a). 
> not break valid things and b). protect us. Comments?
> 
> -chuck
> 
> --
> Charles Hagenbuch, <chuck@horde.org>
> "My intuitive grasp of math often leads me astray." -Me
> 
> -- 
> IMP mailing list: http://horde.org/imp/
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe@lists.horde.org
> 

-- 
Marius Strom <marius@marius.org>
Professional Geek/Unix System Administrator
URL: http://www.marius.org/
http://www.marius.org/marius.pgp 0x55DE53E4

"Never underestimate the bandwidth of a mini-van full of DLT
tapes traveling down the highway at 65 miles per hour..."
	-Andrew Tanenbaum, "Computer Networks"

Previous message: [imp] Problem with attachements
Next message: newbie questions
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]