Hi,list!
If attachment file name is MIME encoded with multibyte language,
a link label to an attachment file is incorrect.
I think this is caused by to avoid any potential XSS.
This is a sample original mail
------
:
Content-Type: application/octet-stream; name="
=?ISO-2022-JP?B?GyRCJSIlJCUmGyhC?=.xls"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="
=?ISO-2022-JP?B?GyRCJSIlJCUmGyhC?=.xls"
:
-------
"=?ISO-2022-JP?B?GyRCJSIlJCUmGyhC?=.xls" should be decode to
1b 24 42 2522 2524 2526 1b 28 42 2e 78 6c 73
ESC $ B ESC ( B . x l s
But mhexternal.pl decodes and htmlizes to
1b 24 42 25 26 71 75 6f 74 3b 2524 2526 61 6d 70 3b 1b 28 42 2e 786c 73
ESC $ B & q u o t ; & a m p ; ESC ( B . x l s
0x2522 -> 0x25 " , 0x2526 -> 0x25 &
line 237-238 in mhexternal.pl v2.13,
if ($nameparm) {
$namelabel = mhonarc::htmlize($nameparm);
:
line 941 in readmail.pl v2.31
$filename =~ s%.*[/\\:]%%; # Remove any path component
I'm using now with comment out these lines (T_T)
Do you have any idea ?
Sorry for my poor English ...
-----------
Tomohiko Sugihara
---------------------------------------------------------------------
To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the
message text UNSUBSCRIBE MHONARC-DEV