Re: invalid link label for a message attachment if file name is MIME encoded.

2003-02-03 23:21:19
On February 4, 2003 at 12:07, =?ISO-2022-JP?B?GyRCP3k4NhsoQg==?= wrote:


If attachment file name is MIME encoded with multibyte language,
a link label to an attachment file is incorrect.
I think this is caused by to avoid any potential XSS.

Not exactly.  The readmail::MAILhead_get_disposition routine is used to
extract the filename parameter.  Currently, MAILhead_get_disposition
does a straight decode of =?...?.?...?= text, not taking into account
the charset specified.

This is a bug.

v2.6.0 will have a TEXTENCODE resource that can be used as a work-around
to this problem.  To test it, download one of the snapshot builds of
MHonArc at <>.


To sign-off this list, send email to majordomo(_at_)mhonarc(_dot_)org with the