[Mimedefang] Dot com dot something

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Thu Sep 16 05:28:53 EDT 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 30 Aug 2010, Joseph Brennan wrote:

> $re = '\.' . $bad_exts . '\.*$';
>
> This catches harmless example.com.pdf and more complicated things.

Hmm, musing here, because I do not have a system to test with:

what happens if you save "example.com.pdf" on a 8.3 filesystem?

> I have forgotten what evil can be done with a trailing dot, but before
> I commit foolishness by changing $re, I thought I'd ask.

same here. Maybe there are other circumstances, in which a trailing dot is 
simply ignored for user's sake. IMHO a trailing dot is suspicious. If you 
rename "oldname.txt" with Windows explorer to "newname.txt...........", 
you get a warning about a probably unusable filename, but the result is 
"newname.txt".

Regards,

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBTJHjWEgddVksjRnHAQI2AggArw7SW73Wgwmqlwazt2xOgxWQrFr1FnDy
OslKcQOPwnEZf4lk0eVItzKXGmji2x5GsnusJRhwMYbtNOTfpSVpl5qZ0V6ikzLO
hXl0JNryzcLcjEeJiY4xJhRoeNLTMpMlb+SlyX3Xvt19UgWkup826PY0Aob7CB/8
3AYVP/i7AmPRuGffqzg6xpcNEAbHD8K8pUHqNUaL1+yF0ZCz/Yck1Tjz8eA6bTA6
LBdMutRMDOqUyzCb0oK5Uk39eC0PjtewZ2ugQov1fgP8qZXemoSNXo9nmrBWphUL
+fa/nHkc5e0v29c7/j+qFXgpIqLgVLmrp0HfoxPP2ktztHgmaH1d1g==
=GeFL
-----END PGP SIGNATURE-----



More information about the MIMEDefang mailing list