[Savannah-dev] [Bug #12] support e-mails eat backquoted text
From: noreply
Subject: [Savannah-dev] [Bug #12] support e-mails eat backquoted text
Date: Sat, 20 Apr 2002 16:49:47 -0400
Bug #12, was updated on 2002-Apr-20 11:56
Here is a current snapshot of the bug.
Project: savannah
Category: Mail
Severity: 7
Priority: High
Bug Group: None
Resolution: Fixed
Assigned to: ljulliar
Status: Closed
Effort: 0.50
Summary: support e-mails eat backquoted text
Original Submission: The e-mails sent by the support system remove all text
contained between backquotes (i.e., ascii character
0x60). For example, see support request #100533[1],
and the e-mail that was sent to savannah-hackers[2].
1. http://savannah.gnu.org/support/?func=detailsupport&support_id=100533&group_id=11
2. http://mail.gnu.org/pipermail/savannah-hackers/2002-March/006446.html
http://savannah.gnu.org/support/?func=detailsupport&support_id=100534&group_id=11
Follow-Ups:
**********
-------------------------------------------------------
Date: 2002-Apr-20 22:49
By: ljulliar
Comment:
This was a bug in the utils.php function util_prep_string_for_sendmail where
the backquote character was not escaped causing the shell to interpret the
backquoted text as a command instead of passing it as normal text to sendmail.
All services sending followup mails (bug, task, patch, support) were affected.
As you probably realize this was also a *major* security hole!!
`I include this text' to test that the `fix' is ok.
Impacted Files:
www/include/utils.php 1.10
For detailed info, follow this link:
http://savannah.gnu.org/bugs/?func=detailbug&bug_id=12&group_id=11
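
The failure described in the follow-up comment, reproduced as an added example (not part of the original message and not Savannah's code). It assumes the mail body is spliced into a double-quoted shell command string; `prep_incomplete`, `prep_fixed`, `send_via_shell` and `send_via_stdin` are hypothetical names, `cat` stands in for sendmail, and the body is a constructed sample.

```shell
#!/bin/sh
# Added example, not Savannah code. Assumption: the body is placed inside a
# double-quoted string on a shell command line; `cat` stands in for sendmail.

# Constructed sample body. `true` is a harmless command that prints nothing,
# so when the shell runs it the backquoted text simply vanishes.
BODY='Please see `true` in the "manual", cost $5'

# Hypothetical escaper with the defect described in the comment:
# it escapes \ " and $ for a double-quoted context but forgets the backquote.
prep_incomplete() {
    printf '%s' "$1" | sed -e 's/[\\"$]/\\&/g'
}

# The same escaper with the backquote added to the escaped set.
prep_fixed() {
    printf '%s' "$1" | sed -e 's/[\\"$`]/\\&/g'
}

# Splices the already-escaped body into a command string that a second
# shell parses, which is where an unescaped backquote becomes a command.
send_via_shell() {
    sh -c "printf '%s' \"$1\" | cat"
}

# Alternative that needs no escaping at all: the body travels on stdin
# and is never parsed as shell syntax.
send_via_stdin() {
    printf '%s' "$1" | cat
}

echo "incomplete escaping: $(send_via_shell "$(prep_incomplete "$BODY")")"
echo "fixed escaping:      $(send_via_shell "$(prep_fixed "$BODY")")"
echo "stdin, no escaping:  $(send_via_stdin "$BODY")"
```

Only the first line of output loses the backquoted word. Passing the body on stdin removes the need for a complete escape list, which is the more robust design.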