Item11822: fix plague mail security hole - rewrite to remove usage of eval
Priority: Normal
Current State: Closed
Released In: n/a
Target Release: n/a
Applies To: Web Site
Component: plague
Branches: trunk
GeorgeClark removed the crontab entry so there is no risk that the vulnerability to foswiki.org can be exploited.
--
KipLubliner - 07 May 2012
Kip fixed the script. I've tested it and made a couple of small changes
- WaitingFor field can have more than one name - need to split the field
- The file needs unix line endings. The split on \n\n separating the body from the headers in Net.pm was failing.
- Some users were listed with a Foswiki: prefix
- PerlTidy
Updated version attached. Kip did the heavy lifting. Thanks!
--
GeorgeClark - 07 May 2012
Note that this file is not in the Foswiki distribution. No exposure to anyone running any version of Foswiki.
--
GeorgeClark - 07 May 2012