mailman from CVS as of 8pm EDT 9/16/02

it looks like private.py has a interesting problem :-), Scrubber.py is very good at 
saving files with various MIME types, the
problem when you go to get them thought private.py they are returned with mime type of 
"text/html", The funny thing is for a jpeg
Internet Explorer will display correctly(I am assuming the extension is being used) 
but Netscape 4.7 and Opera 6.0 your get the
dance of binary text across the screen.

BTW, on a related issue, their is a small security issue, maybe, public archives seem 
to stright to the paths, any one who know the
system might be able to interject a php or shtml script into the archive and get, for 
example Apache, to think it a server side
executable, the default install from the BSD ports collect for Apache/php would do 
this. Might Want to give people a heads up in
INSTALL and have them tighten down their .htaccess file for this pathing, might even 
consider added a .htaccess to the default
install. I would hate to have mailman end up with a CERT with is really not being it's 
fault.

MJM


_______________________________________________
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman-21/listinfo/mailman-developers

Reply via email to