
Item11822: fix plague mail security hole - rewrite to remove usage of eval

Priority: Normal
CurrentState: Closed
AppliesTo: Web Site
Component: plague
WaitingFor:
GeorgeClark removed the crontab entry so there is no risk that the vulnerability to foswiki.org can be exploited.

-- KipLubliner - 07 May 2012

Kip fixed the script. I've tested it and made a couple of small changes:
  • WaitingFor field can have more than one name - need to split the field
  • The file needs Unix line endings. The split on \n\n separating the body from the headers in Net.pm was failing.
  • Some users were listed with a Foswiki: prefix
  • PerlTidy

Updated version attached. Kip did the heavy lifting. Thanks!

-- GeorgeClark - 07 May 2012

Note that this file is not in the Foswiki distribution. No exposure to anyone running any version of Foswiki.

-- GeorgeClark - 07 May 2012
 


Summary: fix plague mail security hole - rewrite to remove usage of eval
ReportedBy: KipLubliner
Codebase:
SVN Range:
AppliesTo: Web Site
Component: plague
Priority: Normal
CurrentState: Closed
WaitingFor:
Checkins: Foswikirev:14771
TargetRelease: n/a
ReleasedIn: n/a
CheckinsOnBranches: trunk
trunkCheckins: Foswikirev:14771
Release01x01Checkins:
Topic attachments
Attachment | Size | Date | Who | Comment
newplague.pl.txt | 3.0 K | 07 May 2012 - 03:47 | GeorgeClark | Kip's updated script with fixes - and tidied.
Topic revision: r4 - 08 May 2012, KipLubliner
 
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See CopyrightStatement.