Update of /cvsroot/mhonarc/mharc/bin
In directory subversions:/tmp/cvs-serv16570/bin
Modified Files:
web-archive
Log Message:
* Changes to close a potential backdoor to accessing raw mail messages
for archives specified wiht "No-Raw-Link: 1". web-archive now
creates a file called ".noraw" in the archive mbox directories with
no-raw-linke enabled. extract-mesg.cgi checks for this, and if found
will return a forbidden status.
Index: web-archive
===================================================================
RCS file: /cvsroot/mhonarc/mharc/bin/web-archive,v
retrieving revision 1.35
retrieving revision 1.36
diff -C2 -r1.35 -r1.36
*** web-archive 15 Sep 2002 03:33:08 -0000 1.35
--- web-archive 18 Sep 2002 17:23:28 -0000 1.36
***************
*** 238,242 ****
@folders = ();
! $cvs = 0;
if (!$editidx && !$editrootidx) {
# Get list of input mailboxes to process
--- 238,244 ----
@folders = ();
! $listname = $list;
! $cvs = ($listname =~ s/\.CVS$//);
!
if (!$editidx && !$editrootidx) {
# Get list of input mailboxes to process
***************
*** 247,250 ****
--- 249,270 ----
next;
}
+
+ # create .noraw file indicator if no-raw-link specified
+ my $no_raw_file = join('/', $dir, '.noraw');
+ if ($listdef->{$listname}{'no-raw-link'}[0]) {
+ if (! -e $no_raw_file) {
+ local(*NORAW);
+ if (!open(NORAW, ">$no_raw_file")) {
+ warn qq/Warning: Unable to create "$no_raw_file": $!\n/;
+ } else {
+ close(NORAW);
+ }
+ }
+ } elsif (-e $no_raw_file) {
+ if (!unlink($no_raw_file)) {
+ warn qq/Warning: Unable to remove "$no_raw_file": $!\n/;
+ }
+ }
+
@months = grep { /^$folder_regex(?:\.gz)?$/o } readdir(DIR);
closedir(DIR);
***************
*** 292,298 ****
}
mkdir($htmldir, 0777);
-
- my $listname = $list;
- $cvs = ($listname =~ s/\.CVS$//);
$disable_search = ($list =~ /^\./) ||
--- 312,315 ----
---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV