mhonarc-users

Re: '$' signs in messages

2001-08-20 11:12:16
Hi,

If, as Earl said, you are doing something with PHP, and this is the
root of your problem, you better be VERY careful.  You have to make
sure whatever page you archived cannot be tricked into being PHP
executable (e.g. do not "include" or "require" the page). The
security hole is this:  someone can post a message to the newsgroup
you are archiving, with PHP embedded code that will do things like
read the password file and mailit to someone, and so on.

Cheers, Thomas

J C Lawrence wrote:

$strings in messages are not being archived, and instead, are being
stripped from the resultant message.  For example a message body
which reads in part:

--<cut>--
  All newly created objects inherit by default from $NEW_OBJECT
--<cut>--

will archive as

--<cut>--
  All newly created objects inherit by default from
--<cut>--

How to fix?

$ mhonarc -v
  MHonArc v2.4.8 (Perl 5.006001)

--
J C Lawrence                                    )\._.,--....,'``.
---------(*)                                   /,   _.. \   _\  ;`._ ,.
claw(_at_)kanga(_dot_)nu                                 
`._.-(,_..'--(,_..'`-.;.'
http://www.kanga.nu/~claw/                     Oh Freddled Gruntbuggly

-- 
------------------------------------------------------------
Thomas Reinke                            Tel: (905) 331-2260
Director of Technology                   Fax: (905) 331-2504
E-Soft Inc.                         http://www.e-softinc.com
Publishers of SecuritySpace     http://www.securityspace.com

<Prev in Thread] Current Thread [Next in Thread>