[imp] Still security issue with attachments?

Chuck Hagenbuch chuck@horde.org
Tue, 16 Jul 2002 16:18:38 -0400

Previous message: [imp] Still security issue with attachments?
Next message: [imp] Still security issue with attachments?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Quoting Harald Wilhelmi <harald.wilhelmi@tngtech.com>:

> So it should be fixed since 2.2.1. However if I open in IMP 3.1
> a compose window, add a attachment, and look at the HTML I get
> I see:

[snip]

> Did I missed something important? Bug? Feature?

It's theoretically possible to modify the form to read other files 
accessible to the webserver user in your temp directory, but if you look at 
the tempFilePath() and addMimeParts() functions, you'll see that it's 
impossible to get out of that dir. Also, as Michael said, this is 
completely rewritten and closed in HEAD.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
"After a few minutes the most aromatic and nice smelling Italian coffee 
 will come out of the exhaustpipe." - Our stove-top espresso pot

Previous message: [imp] Still security issue with attachments?
Next message: [imp] Still security issue with attachments?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]