Re: [Bug #2051] Query string including 'action=' not handled properly

2002-12-30 01:11:20
Earl Hood wrote:

I tested the above, and it got by the filtering also with the original code. ...

Can you provide your test case?  The above did get filtered from my
tests.  Of course, if allownoncidurls is in effect, the above
will pass through.

That's it, i.e. mhonarc.db included allownoncidurls.

So, to take care of the example with code splitted up into two parts, line 333 in my copy of now reads:

    $$data =~ s/((?:^|[^\?&;])$UAttr\s*=\s*)([^\s'">][^\s>]+)

For example, say you included some sample code in your message that includes strings like


the text will be removed since the filtering does not descriminate
what is and is not in a tag.

Right. And since that is probably a more important limitation than my query string example, I do not suggest any longer that you change the code in accordance with the above.

/ Gunnar

To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the