Update of mhonarc/MHonArc/lib
Modified Files:
mhamain.pl mhdb.pl mhfile.pl mhinit.pl mhopt.pl mhrcfile.pl
mhtxtenrich.pl mhtxthtml.pl mhtxtplain.pl
Log Message:
Bug #13853: Added FOLLOWSYMLINKS resource (disabled by default).
Bug #14747: Applied Andrew Shirrayev's patch.
* Include subject of message in some warning messages to make it
easier to find orginal message causing warning.
======================================================================
FILE: mhonarc/MHonArc/lib/mhamain.pl
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/*checkout*/mhonarc/MHonArc/lib/mhamain.pl?rev=2.95>
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/mhonarc/MHonArc/lib/mhamain.pl.diff?r1=2.94&r2=2.95&diff_format=h>
--- mhamain.pl 3 May 2009 20:11:27 -0000 2.94
+++ mhamain.pl 31 Dec 2010 20:33:59 -0000 2.95
@@ -1073,4 +1073,5 @@
qq/Warning: Empty body data generated:\n/,
qq/ Message-Id: $MHAmsgid\n/,
+ qq/ Message Subject: /, $fields->{'x-mha-subject'}, qq/\n/,
qq/ Message Number: $MHAmsgnum\n/,
qq/ Content-Type: /,
======================================================================
FILE: mhonarc/MHonArc/lib/mhdb.pl
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/*checkout*/mhonarc/MHonArc/lib/mhdb.pl?rev=2.42>
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/mhonarc/MHonArc/lib/mhdb.pl.diff?r1=2.41&r2=2.42&diff_format=h>
--- mhdb.pl 3 May 2009 20:11:27 -0000 2.41
+++ mhdb.pl 31 Dec 2010 20:33:59 -0000 2.42
@@ -185,4 +185,5 @@
print_var($db,'ExpireTime', \$ExpireTime);
print_var($db,'FastTempFiles', \$FastTempFiles);
+print_var($db,'FollowSymlinks', \$FollowSymlinks);
print_var($db,'FROM', \$FROM);
print_var($db,'GMTDateFmt', \$GMTDateFmt);
======================================================================
FILE: mhonarc/MHonArc/lib/mhfile.pl
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/*checkout*/mhonarc/MHonArc/lib/mhfile.pl?rev=2.12>
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/mhonarc/MHonArc/lib/mhfile.pl.diff?r1=2.11&r2=2.12&diff_format=h>
--- mhfile.pl 29 Sep 2003 05:03:11 -0000 2.11
+++ mhfile.pl 31 Dec 2010 20:33:59 -0000 2.12
@@ -238,4 +238,9 @@
## Check if $path is a symlink
if (-l $path) {
+ if ($FollowSymlinks) {
+ # Symlinks allowed, so we check if symlink is to a directory
+ die qq/ERROR: "$path" is not a directory: $!\n/ if !(-d $path);
+ return;
+ }
# symlink, try to delete
warn qq/Warning: "$path" is a symlink, will try to replace...\n/;
======================================================================
FILE: mhonarc/MHonArc/lib/mhinit.pl
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/*checkout*/mhonarc/MHonArc/lib/mhinit.pl?rev=2.56>
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/mhonarc/MHonArc/lib/mhinit.pl.diff?r1=2.55&r2=2.56&diff_format=h>
--- mhinit.pl 3 May 2009 20:11:27 -0000 2.55
+++ mhinit.pl 31 Dec 2010 20:34:00 -0000 2.56
@@ -408,4 +408,6 @@
$DbFilePerms = $ENV{'M2H_DBFILEPERMS'} || '0660';
$DbFilePermsOct = 0660;
+$FollowSymlinks = defined($ENV{'M2H_FOLLOWSYMLINKS'}) ?
+ $ENV{'M2H_FOLLOWSYMLINKS'} : 0;
$CheckNoArchive = defined($ENV{'M2H_CHECKNOARCHIVE'}) ?
======================================================================
FILE: mhonarc/MHonArc/lib/mhopt.pl
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/*checkout*/mhonarc/MHonArc/lib/mhopt.pl?rev=2.65>
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/mhonarc/MHonArc/lib/mhopt.pl.diff?r1=2.64&r2=2.65&diff_format=h>
--- mhopt.pl 3 May 2009 20:11:27 -0000 2.64
+++ mhopt.pl 31 Dec 2010 20:34:00 -0000 2.65
@@ -68,4 +68,6 @@
'expireage=i', # Time in seconds from current if message expires
'fasttempfiles',# Do not use random filenames for temporary files
+ 'followsymlinks',
+ # Follow/allow symlinks when create files
'fileperms=i', # Octal permission to create files
'folrefs', # Print links to explicit follow-ups/references
@@ -125,4 +127,6 @@
'nofasttempfiles',
# Use random filenames for temporary files
+ 'nofollowsymlinks',
+ # Do not follow symlinks when creating files
'nofolrefs', # Do not print links to explicit follow-ups/references
'nogzipfiles', # Do not Gzip files
@@ -633,4 +637,6 @@
$FastTempFiles = 1 if $opt{'fasttempfiles'};
$FastTempFiles = 0 if $opt{'nofasttempfiles'};
+ $FollowSymlinks = 1 if $opt{'followsymlinks'};
+ $FollowSymlinks = 0 if $opt{'nofollowsymlinks'};
$POSIXstrftime = 1 if $opt{'posixstrftime'};
$POSIXstrftime = 0 if $opt{'noposixstrftime'};
======================================================================
FILE: mhonarc/MHonArc/lib/mhrcfile.pl
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/*checkout*/mhonarc/MHonArc/lib/mhrcfile.pl?rev=2.47>
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/mhonarc/MHonArc/lib/mhrcfile.pl.diff?r1=2.46&r2=2.47&diff_format=h>
--- mhrcfile.pl 8 Jul 2005 06:34:04 -0000 2.46
+++ mhrcfile.pl 31 Dec 2010 20:34:00 -0000 2.47
@@ -259,4 +259,7 @@
$FastTempFiles = 1; last FMTSW;
}
+ if ($elem eq 'followsymlinks') { # Allow/follow symlinks
+ $FollowSymlinks = 1; last FMTSW;
+ }
if ($elem eq 'fieldstore') { # Fields to store
@ExtraHFields = () if $override;
@@ -739,4 +742,7 @@
$FastTempFiles = 0; last FMTSW;
}
+ if ($elem eq 'nofollowsymlinks') { # Do not allow/follow symlinks
+ $FollowSymlinks = 0; last FMTSW;
+ }
if ($elem eq 'nofolrefs') { # Don't print explicit fol/refs
$DoFolRefs = 0; last FMTSW;
======================================================================
FILE: mhonarc/MHonArc/lib/mhtxtenrich.pl
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/*checkout*/mhonarc/MHonArc/lib/mhtxtenrich.pl?rev=2.11>
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/mhonarc/MHonArc/lib/mhtxtenrich.pl.diff?r1=2.10&r2=2.11&diff_format=h>
--- mhtxtenrich.pl 7 Aug 2003 20:35:32 -0000 2.10
+++ mhtxtenrich.pl 31 Dec 2010 20:34:00 -0000 2.11
@@ -96,4 +96,5 @@
qq/Warning: Unrecognized character set: $charset\n/,
qq/ Message-Id: <$mhonarc::MHAmsgid>\n/,
+ qq/ Message Subject: /, $fields->{'x-mha-subject'}, qq/\n/,
qq/ Message Number: $mhonarc::MHAmsgnum\n/
unless ($charcnv eq '-decode-');
======================================================================
FILE: mhonarc/MHonArc/lib/mhtxthtml.pl
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/*checkout*/mhonarc/MHonArc/lib/mhtxthtml.pl?rev=2.39>
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/mhonarc/MHonArc/lib/mhtxthtml.pl.diff?r1=2.38&r2=2.39&diff_format=h>
--- mhtxthtml.pl 30 Dec 2010 20:52:25 -0000 2.38
+++ mhtxthtml.pl 31 Dec 2010 20:34:00 -0000 2.39
@@ -60,4 +60,9 @@
## resulting filtered message is valid HTML.
##
+## CAUTION: Some of these options can open up a site to attacks.
+## The MIMEFILTERS reference page provide additional
+## information on the risks associated with enabling
+## a given option.
+##
## Arguments:
##
@@ -91,4 +96,6 @@
## an attachment, the data is saved to a file
## with a link to it from the message page.
+## NOTE: This option can expose your site to
+## XSS attacks.
##
## disablerelated Disable MHTML processing.
@@ -101,5 +108,5 @@
##
-# DEVELOPER's NOTE:
+# CAUTION:
# The script stripping code is probably not complete. Since a
# whitelist model is not being used -- because full HTML parsing
@@ -119,4 +126,5 @@
qq/Warning: Invalid HTML detected, rejecting\n/,
qq/ Message-Id: <$mhonarc::MHAmsgid>\n/,
+ qq/ Message Subject: /, $fields->{'x-mha-subject'}, qq/\n/,
qq/ Message Number: $mhonarc::MHAmsgnum\n/;
return undef;
@@ -160,4 +168,5 @@
qq/Warning: Unrecognized character set: $charset\n/,
qq/ Message-Id: <$mhonarc::MHAmsgid>\n/,
+ qq/ Message Subject: /, $fields->{'x-mha-subject'}, qq/\n/,
qq/ Message Number: $mhonarc::MHAmsgnum\n/;
}
======================================================================
FILE: mhonarc/MHonArc/lib/mhtxtplain.pl
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/*checkout*/mhonarc/MHonArc/lib/mhtxtplain.pl?rev=2.48>
<http://www.mhonarc.org/cgi-bin/viewcvs.cgi/mhonarc/MHonArc/lib/mhtxtplain.pl.diff?r1=2.47&r2=2.48&diff_format=h>
--- mhtxtplain.pl 20 Jun 2005 04:25:18 -0000 2.47
+++ mhtxtplain.pl 31 Dec 2010 20:34:00 -0000 2.48
@@ -332,4 +332,6 @@
qq/Warning: Unrecognized character set: $charset\n/,
qq/ Message-Id: <$mhonarc::MHAmsgid>\n/,
+ qq/ Message Subject: /, $fields->{'x-mha-subject'},
+ qq/\n/,
qq/ Message Number: $mhonarc::MHAmsgnum\n/;
mhonarc::htmlize($data);
---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-COMMITS