[Mimedefang] BUG: filter_bad_filename doesn't expect a space
Chris Myers
chris at by-design.net
Tue Mar 4 09:44:01 EST 2003
| The following line in mimedefang-filter:
|
| $re = '\.' . $bad_exts . '\.*([^-A-Za-z0-9_.,]|$)';
|
| will improperly match this filename (not including the quotes):
|
| "test.com example.txt"
|
| because "space" is not one of the characters listed in the "I'm done with
| this filename" character class, so it believes the extension is ".com".
There is a bug in some MUA's that will interpret a filename looking
something like:
foo.jpg .exe .jpg
as an executable. The filename isn't exactly like that, and it apparently
has to be carefully crafted, but you get the idea...
Chris Myers
Networks By Design
More information about the MIMEDefang
mailing list