[Esd-l] Sanitizer somehow left a .doc extension on a document

Brett Glass brett at lariat.org
Wed Oct 3 19:13:02 PDT 2001


Just received a message in which the defanging done by John's
"sanitizer" seems to have malfunctioned. The "defanging"
wound up in the middle of the file name rather than at the 
end, leaving an attachment with a clickable .doc extension.
The MIME headers came through like this:

Content-type: multipart/mixed;
	boundary="Next_1001951157---0-203.199.83.25-6062"
X-UIDL: ba1601f780df7de19b28f46aef36318a


  Content-type: application/msword; name="default.txt";
Content-Disposition: attach; filename="cgiperl_C_XMLresume.6373DEFANGED-doc"

and the attachment came through with the file name

cgiperl_C_XMLresume.6373DEFANGED-doc.doc

Why?

--Brett 



More information about the esd-l mailing list