In article <20030105032650.16087.h011.c009.wm (at) mail.canada.com.criticalpath (dot) net [email concealed]> you write:
[ snip ]
>SOLUTION :
>==========
[ snip ]
> if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z
]{2,3})$",
>$email) && $email !=
>"") {
Please note that there are many more characters valid in the LHS of an
email address, for example +, that are often desirable. Disallowing
such addresses is a major nuisance. A beautiful example is the useful
feature in sendmail that allows user+whatever (at) dom (dot) ain [email concealed], which allows
users to invent infinite variations on their email address for tracking
spam database propagation.
In this particular application, the error is more widespread than the
fix you cite -- if you're going to allow random users to control file
names on your system, you certainly shouldn't put the contents somewhere
that a web server can directly find it.
That bit of software seems to need a major review.
--
Steve Watt KD6GGD PP-ASEL-IA ICBM: 121W 56' 57.8" / 37N 20' 14.9"
Internet: steve @ Watt.COM Whois: SW32
Free time? There's no such thing. It just comes in varying prices...
[ snip ]
>SOLUTION :
>==========
[ snip ]
> if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z
]{2,3})$",
>$email) && $email !=
>"") {
Please note that there are many more characters valid in the LHS of an
email address, for example +, that are often desirable. Disallowing
such addresses is a major nuisance. A beautiful example is the useful
feature in sendmail that allows user+whatever (at) dom (dot) ain [email concealed], which allows
users to invent infinite variations on their email address for tracking
spam database propagation.
In this particular application, the error is more widespread than the
fix you cite -- if you're going to allow random users to control file
names on your system, you certainly shouldn't put the contents somewhere
that a web server can directly find it.
That bit of software seems to need a major review.
--
Steve Watt KD6GGD PP-ASEL-IA ICBM: 121W 56' 57.8" / 37N 20' 14.9"
Internet: steve @ Watt.COM Whois: SW32
Free time? There's no such thing. It just comes in varying prices...
[ reply ]