[imp] Still security issue with attachments?

[Harald Wilhelmi]

Hello,

a few days ago I looked at the IMP 3.1 code to add a custom feature.
It seems to me that attachments in IMP 3.1 are handled insecure.
It's essentially the same issue as discribed in this bugtraq posting:

	http://online.securityfocus.com/archive/1/82088

So it should be fixed since 2.2.1. However if I open in IMP 3.1
a compose window, add a attachment, and look at the HTML I get
I see:

        <input type="hidden" name="attachments_name[]" value="test" />
        <input type="hidden" name="attachments_size[]" value="4" />
        <input type="hidden" name="attachments_file[]" value="/tmp/impattdqiqwq" />
        <input type="hidden" name="attachments_type[]" value="application/octet-stream" />
        <input type="checkbox" name="delattachments[]" value="/tmp/impattdqiqwq" />

I found also nothing in IMP's code to check for unexpected values in
$HTTP_POST_VARS['attachments_name'] in compose.php.

Did I missed something important? Bug? Feature?

Maybe one of the IMP developers can give a comment about this.

Beside this we have no problems with Horde/IMP. We use it a lot and are
quiet happy with it.

Regards
Harald Wilhelmi


-- 

------------------------------------------------------------------
Harald Wilhelmi	
Partner	
EMail: harald.wilhelmi@tngtech.com    *     Phone: +49(89)21589960
TNG Technology Consulting GmbH * Betastr. 9A * 85774 Unterfoehring