Update of /cvsroot/mhonarc/mharc/cgi-bin
In directory subversions:/tmp/cvs-serv16570/cgi-bin
Modified Files:
extract-mesg.cgi.in.dist
Log Message:
* Changes to close a potential backdoor to accessing raw mail messages
for archives specified wiht "No-Raw-Link: 1". web-archive now
creates a file called ".noraw" in the archive mbox directories with
no-raw-linke enabled. extract-mesg.cgi checks for this, and if found
will return a forbidden status.
Index: extract-mesg.cgi.in.dist
===================================================================
RCS file: /cvsroot/mhonarc/mharc/cgi-bin/extract-mesg.cgi.in.dist,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -r1.3 -r1.4
*** extract-mesg.cgi.in.dist 3 Sep 2002 16:30:47 -0000 1.3
--- extract-mesg.cgi.in.dist 18 Sep 2002 17:23:29 -0000 1.4
***************
*** 82,85 ****
--- 82,91 ----
}
+ # Check if list has raw archive access disabled.
+ if (-e join('/', $list_dir, '.noraw')) {
+ MHArc::CGI::print_forbidden();
+ last MAIN;
+ }
+
my $gzipped = 0;
my $mbox_file = join('/', $list_dir, $month);
---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV