Skip Menu |

This queue is for tickets about the Mail-Box CPAN distribution.

Report information
The Basics
Id: 99183
Status: resolved
Priority: 0/
Queue: Mail-Box

People
Owner: Nobody in particular
Requestors: randy.diffenderfer [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: parameter value whitespace trimming required
Date: Sat, 27 Sep 2014 13:55:38 -0700
To: bug-Mail-Box [...] rt.cpan.org
From: Randy Diffenderfer <randy.diffenderfer [...] gmail.com>
Not sure how many other headers have this issue, but easily reproduced by adding a trailing space character to CTE, for example. It's pretty much independent of version (true since 2.082, certainly, to current), operating system and perl version. … Content-Transfer-Encoding: base64(space) … this will cause the methods that do …->decoded() to fail with: WARNING: No decoder defined for transfer encoding base64 .
Reasonable. Stripping of blanks on a few more Content-* headers is also useful. Thanks
Subject: Re: [rt.cpan.org #99183] parameter value whitespace trimming required
Date: Fri, 10 Oct 2014 14:28:58 -0700
To: bug-Mail-Box [...] rt.cpan.org
From: Randy Diffenderfer <randy.diffenderfer [...] gmail.com>
actually, it gets worse. what the real "ask" here is for semantic validity option, to pull out the value as a token, net or params, as well as trim the WS on the result! not too much to ask for! :-) the code will fail to figure out the method needed if the bad guys encode something like ... Content-Transfer-Encoding: base64; silly-param="junk" On Fri, Oct 10, 2014 at 12:10 PM, Mark Overmeer via RT < bug-Mail-Box@rt.cpan.org> wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=99183 > > > Reasonable. Stripping of blanks on a few more Content-* headers is > also useful. Thanks >
Subject: Re: [rt.cpan.org #99183] parameter value whitespace trimming required
Date: Mon, 20 Oct 2014 16:13:10 +0200
To: Randy Diffenderfer via RT <bug-Mail-Box [...] rt.cpan.org>
From: Mark Overmeer <solutions [...] overmeer.net>
* Randy Diffenderfer via RT (bug-Mail-Box@rt.cpan.org) [141015 22:29]: Show quoted text
> Queue: Mail-Box > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=99183 > > > actually, it gets worse. what the real "ask" here is for semantic validity > option, to pull out the value as a token, net or params, as well as trim > the WS on the result! not too much to ask for! :-) > > the code will fail to figure out the method needed if the bad guys encode > something like ... > Content-Transfer-Encoding: base64; silly-param="junk"
See RF2045: there are no attributes allowed in the field. -- MarkOv ------------------------------------------------------------------------ drs Mark A.C.J. Overmeer MARKOV Solutions Mark@Overmeer.net solutions@overmeer.net http://Mark.Overmeer.net http://solutions.overmeer.net
Subject: Re: [rt.cpan.org #99183] parameter value whitespace trimming required
Date: Mon, 20 Oct 2014 08:15:55 -0700
To: bug-Mail-Box [...] rt.cpan.org
From: Randy Diffenderfer <randy.diffenderfer [...] gmail.com>
understand, but that doesn't stop the bad guys from putting them there, and the browsers and email muas happily suck it up. the bigger "ask" then would seem to be a "strict rfc" mode, where such errors are called out, as opposed to just being choked upon, but i *know* that is a non-trivial mod! On Mon, Oct 20, 2014 at 7:13 AM, Mark Overmeer via RT < bug-Mail-Box@rt.cpan.org> wrote: Show quoted text
> <URL: https://rt.cpan.org/Ticket/Display.html?id=99183 > > > * Randy Diffenderfer via RT (bug-Mail-Box@rt.cpan.org) [141015 22:29]:
> > Queue: Mail-Box > > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=99183 > > > > > actually, it gets worse. what the real "ask" here is for semantic
> validity
> > option, to pull out the value as a token, net or params, as well as trim > > the WS on the result! not too much to ask for! :-) > > > > the code will fail to figure out the method needed if the bad guys encode > > something like ... > > Content-Transfer-Encoding: base64; silly-param="junk"
> > See RF2045: there are no attributes allowed in the field. > -- > MarkOv > > ------------------------------------------------------------------------ > drs Mark A.C.J. Overmeer MARKOV Solutions > Mark@Overmeer.net solutions@overmeer.net > http://Mark.Overmeer.net http://solutions.overmeer.net > > >