[bug #35388] commentized subjects allow PHP code injection

2012-01-29 12:29:34
Update of bug #35388 (project mhonarc):

                Priority:              5 - Normal => 7 - High               


Follow-up Comment #2:

I see nothing wrong with the recommended change, so I plan
on incorporating it.

If the X- comments are not needed (i.e. no need to perform
archive recovering from HTML pages or not post-processing
them for anything), you can disable the PRINTXCOMMENTS 

Sorry about the auto-mails.  Unsure if savannah supports
suppression of the mail for items marked private.

NOTE: If privacy is the utmost concern, you should send
email directly to mhonarc(_at_)mhonarc(_dot_)org.  The FAQ mentions
this, but it appears I failed to note this in the user

BTW, the system that hosts has recently moved,
so we are in the process of getting all the dependent software
re-installed on the new platform that is needed for performing
releases, so there will be a delay for another release to be
made containing the security fix.

