
Item11822: fix plague mail security hole - rewrite to remove usage of eval

Priority: Normal
Current State: Closed
Released In: n/a
Target Release: n/a
Applies To: Web Site
Component: plague
Branches: trunk
Reported By: KipLubliner
Waiting For:
Last Change By: KipLubliner
GeorgeClark removed the crontab entry so there is no risk that the vulnerability to foswiki.org can be exploited.

-- KipLubliner - 07 May 2012

Kip fixed the script. I've tested it and made a couple of small changes:
  • WaitingFor field can have more than one name - need to split the field
  • The file needs Unix line endings. The split on \n\n separating the body from the headers in Net.pm was failing.
  • Some users were listed with a Foswiki: prefix
  • PerlTidy

Updated version attached. Kip did the heavy lifting. Thanks!

-- GeorgeClark - 07 May 2012

Note that this file is not in the Foswiki distribution. No exposure to anyone running any version of Foswiki.

-- GeorgeClark - 07 May 2012
 

ItemTemplate

Summary fix plague mail security hole - rewrite to remove usage of eval
ReportedBy KipLubliner
Codebase
SVN Range
AppliesTo Web Site
Component plague
Priority Normal
CurrentState Closed
WaitingFor
Checkins distro:4a67066228f3
TargetRelease n/a
ReleasedIn n/a
CheckinsOnBranches trunk
trunkCheckins distro:4a67066228f3
Release01x01Checkins
Attachment: newplague.pl.txt
Size: 3 K
Date: 07 May 2012 - 03:47
Who: GeorgeClark
Comment: Kip's updated script with fixes - and tidied.
Topic revision: r4 - 08 May 2012, KipLubliner