Nigel,

His point, I believe, is more to add something to sanitize the subject line. It doesn't matter if they are in another dir.
Otherwise, a subject such as ../../../../.... could have exploit/dos potential.

Something like $subject =~ s/[^-a-z0-9 _]//gi; would be a good start.

Regards,
KAM

><snip>
>> Dumping files into /tmp and giving an attacker substantial control over
>> the filename is a recipe for trouble.
>
>Thanks for the input David. The folder this stuff is going into is
>actually an SMB mounted folder on another machine. In practice (or
>rather production) I might well make this a subfolder of /mnt for
>safety's sake

_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
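
The sanitizing step suggested in this thread, as an added Perl example that is not from the original posts or from MIMEDefang itself. The helper names `safe_name_from_subject` and `create_in_dir`, the 64-character cap, the `.txt` suffix and the sample subjects are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: derive a safe file name from an untrusted Subject header.
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical helper: keep only whitelisted characters, bound the length,
# and fall back to a fixed name when nothing usable is left.
sub safe_name_from_subject {
    my ($subject) = @_;
    $subject = '' unless defined $subject;
    (my $name = $subject) =~ s/[^-a-z0-9 _]//gi;  # /g strips every offender
    $name =~ s/ +/_/g;                            # no spaces in file names
    $name =~ s/^[-_]+//;                          # no option-like leading '-'
    $name = substr($name, 0, 64);                 # bound the length
    return length($name) ? $name : 'no_subject';
}

# Hypothetical helper: create the file under $dir and refuse to reuse an
# existing name, so one message cannot overwrite another's file.
sub create_in_dir {
    my ($dir, $subject) = @_;
    my $file = safe_name_from_subject($subject) . '.txt';
    my $path = File::Spec->catfile($dir, $file);
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "cannot create $path: $!\n";
    return ($fh, $path);
}

# Constructed sample subjects, including traversal and empty-after-filter cases.
for my $s ('Quarterly report', '../../../../etc/passwd', '....', '-rf notes') {
    print safe_name_from_subject($s), "\n";
}

my $dir = tempdir(CLEANUP => 1);   # stand-in for the real target directory
my ($fh, $path) = create_in_dir($dir, '../../../../etc/passwd');
close $fh;
print "created $path\n";

# A second subject that sanitizes to the same name must not clobber the first.
eval { create_in_dir($dir, '../../etc/passwd') };
print "second create refused: $@" if $@;
```

Because different subjects can collapse to the same sanitized name, production code would normally append a unique component (a queue ID or counter) rather than rely on the subject alone.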