procmail
[Top] [All Lists]

Re: [autoresponder] testing existence of requested file

1999-12-01 17:36:16
Rejo wrote,

| I have taken a look at the procmailex manpage, and i don't understand this
| autoresponder at one point:
| 
| * !^Subject: send file .*[/.]\.

As the guiltier of the two parties responsible for that line of code, I'll
speak up.

| What happens here exactly? It says the Subject line is not allowed to
| have the string /. (slash, dot) or .. (dot, dot) somewhere in it?
| Correct?

Yes.  Thus (1) nobody can request a dotfile nor a file from a dot-named
subdirectory [no "/." allowed]; (2) nobody can try to sneak upward into
another directory that is not the file directory of a subdirectory of it [no
".." allowed]; but you can still allow descent into subdirectories of the 
file directory [single "/" allowed] or filenames that contain medial or
final periods ["." allowed if not preceded by "/" or another "."].

Remember that there was another condition requiring the first character of
the requested path to be a letter or a digit, so that prevents requesting
a dotfile in the file directory, a dot-named subdirectory in it, or a full
absolute path down from the root directory of the machine.

| Maybe, if i have the time, i'll change the autoresponders behaviour to
| that type. For the time being i'll stick to this one i guess:
| 
|   :0
|   *   ^TO_bot(_at_)sisterray(_dot_)xs4all(_dot_)nl
|   * ! ^FROM_DAEMON
|   * ! ^Precedence: (bulk|junk)
|   * ! 
^(From|X-Loop|Reply-To):(_dot_)*autoresponder(_at_)sisterray\(_dot_)xs4all\(_dot_)nl
|   * ! ^Subject:.*Re:
|   *   ^Subject: send [0-9a-z]
|   * ! ^Subject: send file .*[/.]\.
|   *   ^Subject: send \/[^    ]*
|   {
|         [unchanged]
| 
| Any more suggestions?

First, as I said before, ruling out bulk or junk precedence is redundant
after you've already ruled out matches to ^FROM_DAEMON.

Second, on the second to last condition line you have the word "file," so any
request for a dotfile or an ascent out of the file directory without the word
"file" will be accepted.  You have to decide whether to use "send file
filename" or "send filename" and stick with it.

Third, you can condense the last three conditions to two (this illustration
assumes that you've decided not to use the word "file"):

    * ! ^Subject: send .*[/.]\.
    *   ^Subject: send \/[0-9a-z][^     ]*