thank you for your reply!
what we are doing now is rewrite with apache.
==============================================
RewriteCond %{QUERY_STRING} !modu=([^\.&]+)$
==============================================
patch file for qmailadmin u make, we really wanna verify that too.
let us know if u are ready for that.

Thanks.

On Wed, 2 Aug 2006 08:27:23 -0700 Tom Collins <[EMAIL PROTECTED]> wrote:
> On Aug 1, 2006, at 7:14 PM, [EMAIL PROTECTED] wrote:
> > 3. after that u will get the address like this on the address bar on
> > your browser.
> > =================================================
> > http://sample.co.jp/cgi-bin/qmailadmin/com/delmailinglistnow?
> > user=postmaster&dom=sample.co.jp&time=1154482055&
> >
> > 4.k! now the main point. ENTER the URL.
> > =================================================
> > 10.10.10.30 - - [02/Aug/2006:10:29:45 +0900] "GET /cgi-bin/
> > qmailadmin/com/delmailinglistnow?
> > user=postmaster&dom=sample.co.jp&time=1154482055& HTTP/1.1" 200
> > 8058 "-" "Mozillla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
> > SV1; .NET CLR 1.1.4322)"
> >
> >
> > 5. and look under the domain directory.
> > ALL DIRECTORY HAS BEEN DELETED...vpasswd and etc,, everything gone...
>
> Confirmed.  If you edit the URL to remove the "modu" parameter, it
> will delete the entire domain directory.
>
> I'll add a patch to have qmailadmin ensure that "modu" is an actual
> mailing list before going through with the delete.  I imagine that
> there are other instances where modifying the URL would result in
> things you don't want.  I'm not sure I'd call this a bug, but it
> would certainly be a good idea to modify the code to validate the
> input better.
>
> --
> Tom Collins  -  [EMAIL PROTECTED]
> Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/
> QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/
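
An added example, not qmailadmin's code and not the patch mentioned in the thread, of the server-side check described above: the delete is refused unless "modu" names an existing directory strictly below the domain directory. The function name, result codes, allowed character set and the `<domain_dir>/<modu>` layout are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <sys/stat.h>

/* Hypothetical result codes for this sketch (not qmailadmin's own). */
enum { LIST_OK = 0, LIST_EMPTY = -1, LIST_BAD_NAME = -2, LIST_NOT_FOUND = -3 };

/* Assumption: a list named `modu` lives in <domain_dir>/<modu>.
 * On LIST_OK, `out` holds the only path the caller may delete. */
int checked_list_dir(const char *domain_dir, const char *modu,
                     char *out, size_t outlen)
{
    struct stat st;
    size_t i;
    int n;

    /* The reported case: with "modu" missing or empty, the target
     * path collapses to the domain directory itself. */
    if (modu == NULL || modu[0] == '\0')
        return LIST_EMPTY;

    /* Allow only [A-Za-z0-9_.-] with no leading dot, which rejects
     * "/", "..", and dot files such as ".qmail-default". */
    if (modu[0] == '.')
        return LIST_BAD_NAME;
    for (i = 0; modu[i] != '\0'; i++) {
        unsigned char c = (unsigned char)modu[i];
        if (!isalnum(c) && c != '-' && c != '_' && c != '.')
            return LIST_BAD_NAME;
    }

    n = snprintf(out, outlen, "%s/%s", domain_dir, modu);
    if (n < 0 || (size_t)n >= outlen)
        return LIST_BAD_NAME;        /* truncated path: refuse */

    /* lstat, not stat: a symlink pointing elsewhere is not a list. */
    if (lstat(out, &st) != 0 || !S_ISDIR(st.st_mode))
        return LIST_NOT_FOUND;
    return LIST_OK;
}

int main(void)
{
    char path[512];
    /* Constructed request: "modu" stripped from the URL. */
    int rc = checked_list_dir("/constructed/sample.co.jp", "", path, sizeof path);
    printf("empty modu -> %d (delete refused)\n", rc);
    return rc == LIST_EMPTY ? 0 : 1;
}
```

A front-end filter such as the RewriteCond above can sit in front of a check like this, but the check belongs in the CGI itself so that every request path reaches it.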