Liviu Daia <[EMAIL PROTECTED]> scria la data de 10 Iunie 2005:
> Liviu Daia <[EMAIL PROTECTED]> scria la data de 10 Iunie 2005:
> [...]
> > Voi incerca sa gasesc o situatie care sa exemplifice problema de
> > care spuneam cand / daca voi intelege exact ce isi propune sa faca
> > functia respectiva, si cand / daca voi intelege de ce nu face asta
> > si in practica.
> [...]
>
> Dupa putina arheologie, si fara sa fi inteles complet ce se
> intampla, pot spune ca:
>
> (1) Problema initiala nu ar trebui sa se manifeste (functia respectiva
> nu e apelata) cand "humanize-mime" este false. Asta ar permite insa
> si post-area de attachment-uri binare.
>
> (2) Un sacenariu in care Ecartis-ul cu patch-ul propus genereaza mesaje
> invalide este urmatorul: un mesaj trimis catre lista avand un
> attachment Base64 si altul 8bit, si care bounce-aza. Bounce-ul este
> invalid.
>
> Urmarea in episodul urmator, probabil maine sau luni.
[...]
Scuze, analiza se poate termina mult mai repede: patch-ul adauga
o problema de securitate. In felul asta orice attachment binar (de
exemplu "virus.exe" :-)) care are tipul "text/plain" va fi trimis de
Ecartis intregului popor listas. Pentru necredinciosi, atasez un demo
trimis asa si primit inapoi de la lista debug, incodat Base64 ca sa
ramana intact (salvati intr-un fisier si decodati, spre exemplu cu
mimencode).
Concluzie: nu e vorba de un bug, ci de un feature. :-) Daca nu va
convine, puneti "humanize-mime = false" si permiteti attachment-urile
binare. In esenta e acelasi lucru cu patch-ul propus. :-)
Salutari,
Liviu Daia
--
Dr. Liviu Daia http://www.imar.ro/~daia
--CUT HERE--
RnJvbSBkZWJ1Zy1ib3VuY2VAbWFpbC5sdWcucm8gIEZyaSBKdW4gMTAgMjI6NDU6NTAgMjAw
NQpSZXR1cm4tUGF0aDogPGRlYnVnLWJvdW5jZUBtYWlsLmx1Zy5ybz4KUmVjZWl2ZWQ6IGZy
b20gbnMxLmltYXIucm8gKG5zMS5pbWFyLnJvIFsxOTMuMjI2LjQuNF0pCglieSBzdG9pbG93
LmltYXIucm8gKFBvc3RmaXgpIHdpdGggRVNNVFAgaWQgOEQ1NzYyN0Y3RjYKCWZvciA8ZGFp
YUBzdG9pbG93LmltYXIucm8+OyBGcmksIDEwIEp1biAyMDA1IDIyOjQ1OjUwICswMzAwIChF
RVNUKQpSZWNlaXZlZDogZnJvbSBtYWlsLmx1Zy5ybyAobWFpbC5sdWcucm8gWzE5My4yMjYu
MTQwLjQ5XSkKCWJ5IG5zMS5pbWFyLnJvIChQb3N0Zml4KSB3aXRoIEVTTVRQCglmb3IgPExp
dml1LkRhaWFAaW1hci5ybz47IEZyaSwgMTAgSnVuIDIwMDUgMjI6NDU6NTAgKzAzMDAgKEVF
U1QpClJlY2VpdmVkOiBmcm9tIGxvY2FsaG9zdCAobG9jYWxob3N0IFsxMjcuMC4wLjFdKQoJ
YnkgbWFpbC5sdWcucm8gKFBvc3RmaXgpIHdpdGggRVNNVFAKCWlkIEU1QjgzN0QwMkIwNkY7
IEZyaSwgMTAgSnVuIDIwMDUgMjI6NDU6NDkgKzAzMDAgKEVFU1QpClJlY2VpdmVkOiBmcm9t
IG1haWwubHVnLnJvIChbMTkzLjIyNi4xNDAuNDldKQoJYnkgbG9jYWxob3N0IChtYWlsIFsx
OTMuMjI2LjE0MC40OV0pIChhbWF2aXNkLW5ldywgcG9ydCAxMDAyNCkKCXdpdGggRVNNVFAg
aWQgMTEzNzctMDE7IEZyaSwgMTAgSnVuIDIwMDUgMjI6NDU6NDMgKzAzMDAgKEVFU1QpClJl
Y2VpdmVkOiBmcm9tIG1haWwgKGxvY2FsaG9zdCBbMTI3LjAuMC4xXSkKCWJ5IG1haWwubHVn
LnJvIChQb3N0Zml4KSB3aXRoIEVTTVRQCglpZCA0NkU0ODdEMDAwNkJCOyBGcmksIDEwIEp1
biAyMDA1IDIyOjQ1OjQyICswMzAwIChFRVNUKQpSZWNlaXZlZDogd2l0aCBFQ0FSVElTICh2
MS4wLjA7IGxpc3QgZGVidWcpOyBGcmksIDEwIEp1biAyMDA1IDIyOjQ1OjQyICswMzAwIChF
RVNUKQpEZWxpdmVyZWQtVG86IGRlYnVnQGx1Zy5ybwpSZWNlaXZlZDogZnJvbSBsb2NhbGhv
c3QgKGxvY2FsaG9zdCBbMTI3LjAuMC4xXSkKCWJ5IG1haWwubHVnLnJvIChQb3N0Zml4KSB3
aXRoIEVTTVRQIGlkIDFFRDkwN0QwMkFENDYKCWZvciA8ZGVidWdAbHVnLnJvPjsgRnJpLCAx
MCBKdW4gMjAwNSAyMjo0NTo0MiArMDMwMCAoRUVTVCkKUmVjZWl2ZWQ6IGZyb20gbWFpbC5s
dWcucm8gKFsxOTMuMjI2LjE0MC40OV0pCglieSBsb2NhbGhvc3QgKG1haWwgWzE5My4yMjYu
MTQwLjQ5XSkgKGFtYXZpc2QtbmV3LCBwb3J0IDEwMDI0KQoJd2l0aCBFU01UUCBpZCAxMDAx
MS0wNiBmb3IgPGRlYnVnQGx1Zy5ybz47CglGcmksIDEwIEp1biAyMDA1IDIyOjQ1OjM0ICsw
MzAwIChFRVNUKQpSZWNlaXZlZDogZnJvbSBuczEuaW1hci5ybyAobnMxLmltYXIucm8gWzE5
My4yMjYuNC40XSkKCWJ5IG1haWwubHVnLnJvIChQb3N0Zml4KSB3aXRoIEVTTVRQIGlkIDk5
RjNFN0QwMDA2QkIKCWZvciA8ZGVidWdAbHVnLnJvPjsgRnJpLCAxMCBKdW4gMjAwNSAyMjo0
NTozNCArMDMwMCAoRUVTVCkKUmVjZWl2ZWQ6IGZyb20gYWRtaW4uaW1hci5ybyAodW5rbm93
biBbODAuOTcuNzEuNDRdKQoJYnkgbnMxLmltYXIucm8gKFBvc3RmaXgpIHdpdGggRVNNVFAK
CWZvciA8ZGVidWdAbHVnLnJvPjsgRnJpLCAxMCBKdW4gMjAwNSAyMjo0NTozNCArMDMwMCAo
RUVTVCkKUmVjZWl2ZWQ6IGJ5IGFkbWluLmltYXIucm8gKFBvc3RmaXgsIGZyb20gdXNlcmlk
IDEwMzQpCglpZCBEOThERjg4ODNFOyBGcmksIDEwIEp1biAyMDA1IDIyOjQ1OjMzICswMzAw
IChFRVNUKQpEYXRlOiBGcmksIDEwIEp1biAyMDA1IDIyOjQ1OjMzICswMzAwCkZyb206IExp
dml1IERhaWEgPExpdml1LkRhaWFAaW1hci5ybz4KVG86IGRlYnVnQGx1Zy5ybwpTdWJqZWN0
OiBbZGVidWddIGp1bmsKTWVzc2FnZS1JRDogPDIwMDUwNjEwMjI0NTMzLjg2MzAxMTQxMDRA
ZXVsZXIuaW1hci5ybz4KTWltZS1WZXJzaW9uOiAxLjAKQ29udGVudC10eXBlOiB0ZXh0L3Bs
YWluCkNvbnRlbnQtVHJhbnNmZXItRW5jb2Rpbmc6IGJhc2U2NApDb250ZW50LURpc3Bvc2l0
aW9uOiBhdHRhY2htZW50OyBmaWxlbmFtZT0ianVuay5neiIKWC1WaXJ1cy1TY2FubmVkOiBi
eSBsdWcucm8ncyBpbmVicmlhdGVkIHBlbmd1aW5zClgtZWNhcnRpcy12ZXJzaW9uOiBFY2Fy
dGlzIHYxLjAuMApTZW5kZXI6IGRlYnVnLWJvdW5jZUBtYWlsLmx1Zy5ybwpFcnJvcnMtVG86
IGRlYnVnLWJvdW5jZUBtYWlsLmx1Zy5ybwpYLW9yaWdpbmFsLXNlbmRlcjogTGl2aXUuRGFp
YUBpbWFyLnJvClByZWNlZGVuY2U6IGJ1bGsKUmVwbHktVG86IGRlYnVnQGx1Zy5ybwpYLWxp
c3Q6IGRlYnVnClgtVmlydXMtU2Nhbm5lZDogYnkgbHVnLnJvJ3MgaW5lYnJpYXRlZCBwZW5n
dWlucwpTdGF0dXM6IE8KQ29udGVudC1MZW5ndGg6IDQxCkxpbmVzOiAxCgpINHNJQ0pydHFV
SUNBMnAxYm1zQXl5ck55K1lDQUFkMTFHMEZBQUFBCgo=
--CUT HERE--
---
Detalii despre listele noastre de mail: http://www.lug.ro/
