[Esd-l] Re: procmail sanitizer and 8-bit attachments.
Joe Steele
joe at madewell.com
Tue Jun 24 10:02:26 PDT 2003
On Monday, June 23, 2003 10:07 PM, John D. Hardin wrote:
> On Mon, 23 Jun 2003, Joe Steele wrote:
> >
> > * ^Content-(Type|Disposition):.*name=.*=\?.*\?
>
> Too broad. Be *very* careful with .* patterns.
Unfortunately, it needs to be pretty broad. I tested the following
header with older and newer versions of MS Outlook/OE (note the
absence of quotations, the addition of text before the '=?', and the
use of a non-"iso" char. set):
Content-Type: application/octet-stream;
name=test=?us-ascii?B?TW92aWVfMDA3NC5tcGVnLmJhdA==?=
The result was that Outlook interprets the header to read:
Content-Type: application/octet-stream;
name="testMovie_0074.mpeg.bat"
> * ^Content-(Type|Disposition):.*name="=\?[^?"]+\?[BQ]\?
>
> ..is as general as I'd dare get.
To deal with the missing quotes and the added text, it probably needs
to be (at the risk of again being too broad):
* ^Content-(Type|Disposition):.*name=.*=\?[^?]+\?[BQ]\?
--Joe
More information about the esd-l
mailing list