Attachments

Trix_Gretler · January 17, 2001, 2:05pm

wir können die Attachments nicht direkt anklicken und öffnen.

Jesse1 · January 17, 2001, 6:36pm

I presume you’re using the stripmime patch. You’ll want to add a regexp
to urlify http://foo… in sub print_html in lib/rt/ui/web/support.pmOn Wed, Jan 17, 2001 at 03:05:53PM +0100, Trix Gretler wrote:

wir können die Attachments nicht direkt anklicken und öffnen.

Rt-devel mailing list
Rt-devel@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-devel

jesse reed vincent – root@eruditorum.org – jesse@fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

Linux is like a Vorlon. It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.

Christian_Kurz · January 18, 2001, 10:00am

I presume you’re using the stripmime patch. You’ll want to add a regexp
to urlify http://foo… in sub print_html in lib/rt/ui/web/support.pm

Why function does print_html has? It only replaces to characters and so
I commented it currently out, to get the URL highlighted. If this is not
a good idea, would then please anybody explain why?

Ciao
Christian
Christian Kurz http://www.planNET.de
planNET Systems GmbH mailto:info@planNET.de
Schoenfeldstr. 8 Telefon: +49 721 66 36 0
D-76131 Karlsruhe Telefax: +49 721 66 36 199

J.D_Falk · January 18, 2001, 6:44pm

I presume you’re using the stripmime patch. You’ll want to add a regexp
to urlify http://foo… in sub print_html in lib/rt/ui/web/support.pm

Why function does print_html has? It only replaces to characters and so
I commented it currently out, to get the URL highlighted. If this is not
a good idea, would then please anybody explain why?

Security.  Do you trust all your potential requestors to never
send you e-mail with HTML redirects, pop-up windows, and the 
like?  Ever think about javascript, etcetera?  At the very 
least, any embedded HTML could mess up your view of RT.

J.D. Falk “The Internet isn’t just a publishing medium or a
Product Manager medium for commerce, it’s a social medium.”
Mail Abuse Prevention System LLC – Howard Rheingold

Jesse1 · January 18, 2001, 6:35pm

Without print_html,

and users would be able to send javascript in their email which could
be used to, among other things, attack RT.

    -jOn Thu, Jan 18, 2001 at 11:00:14AM +0100, Christian Kurz wrote:

On 01-01-17 Jesse wrote:

I presume you’re using the stripmime patch. You’ll want to add a regexp
to urlify http://foo… in sub print_html in lib/rt/ui/web/support.pm

Why function does print_html has? It only replaces to characters and so
I commented it currently out, to get the URL highlighted. If this is not
a good idea, would then please anybody explain why?

Ciao
Christian

Christian Kurz http://www.planNET.de
planNET Systems GmbH mailto:info@planNET.de
Schoenfeldstr. 8 Telefon: +49 721 66 36 0
D-76131 Karlsruhe Telefax: +49 721 66 36 199

Rt-devel mailing list
Rt-devel@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-devel

jesse reed vincent – root@eruditorum.org – jesse@fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

autoconf is your friend until it mysteriously stops working, at which
point it is a snarling wolverine attached to your genitals by its teeth
(that said, it’s better than most of the alternatives) – Nathan Mehl

Christian_Kurz · January 22, 2001, 1:32pm

Without print_html,

From: jesse@fsck.com would appear in your browser as From:

and users would be able to send javascript in their email which could
be used to, among other things, attack RT.

Hm, and what would be a proper code to still get the URL highlighted as
Link but still use print_html to have a protecting against java-script?

Ciao
Christian
Christian Kurz http://www.planNET.de
planNET Systems GmbH mailto:info@planNET.de
Schoenfeldstr. 8 Telefon: +49 721 66 36 0
D-76131 Karlsruhe Telefax: +49 721 66 36 199

Brandon_S_Allbery_KF · January 22, 2001, 1:55pm

| Hm, and what would be a proper code to still get the URL highlighted as
| Link but still use print_html to have a protecting against java-script?
±–>8

sub print_html{
my ($value) = shift;
my %map = (‘<’ => ‘<’, ‘>’ => ‘>’, ‘&’ => ‘&’);
$value =~ s/([<>&])/$map{$1}/ge;
$value =~
s!(?:^|\b)((?:https?|ftp|mailto)://[^\s"'/]+/[^\s():"']+)!<A
HREF="$1">$1!g;
print “$value”;
}

brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
electrical and computer engineering KF8NH
carnegie mellon university [“better check the oblivious first” -ke6sls]

Christian_Kurz · January 22, 2001, 2:04pm

±----
| Hm, and what would be a proper code to still get the URL highlighted as
| Link but still use print_html to have a protecting against java-script?
±–>8

sub print_html{
my ($value) = shift;
my %map = (‘<’ => ‘<’, ‘>’ => ‘>’, ‘&’ => ‘&’);
$value =~ s/([<>&])/$map{$1}/ge;
$value =~
s!(?:^|\b)((?:https?|ftp|mailto)://[^\s"'/]+/[^\s():"']+)!<A
HREF="$1">$1!g;
print “$value”;
}

Thank you very much. It works really good.

Ciao
Christian
Christian Kurz http://www.planNET.de
planNET Systems GmbH mailto:info@planNET.de
Schoenfeldstr. 8 Telefon: +49 721 66 36 0
D-76131 Karlsruhe Telefax: +49 721 66 36 199

Jesse1 · January 22, 2001, 2:44pm

And, just so everyone knows, this is already in CVS for RT 1.0.8…which
will get rolled as soon as I do something about the From: parsing bug.

    -jOn Mon, Jan 22, 2001 at 08:55:34AM -0500, Brandon S. Allbery KF8NH wrote:

On Monday, January 22, 2001 14:32:06 +0100, Christian Kurz Christian.Kurz@planNET.de wrote:
±----
| Hm, and what would be a proper code to still get the URL highlighted as
| Link but still use print_html to have a protecting against java-script?
±–>8

sub print_html{
my ($value) = shift;
my %map = (‘<’ => ‘<’, ‘>’ => ‘>’, ‘&’ => ‘&’);
$value =~ s/([<>&])/$map{$1}/ge;
$value =~
s!(?:^|\b)((?:https?|ftp|mailto)://[^\s"'/]+/[^\s():"']+)!<A
HREF="$1">$1!g;
print “$value”;
}

–
brandon s. allbery [os/2][linux][solaris][japh] allbery@kf8nh.apk.net
system administrator [WAY too many hats] allbery@ece.cmu.edu
electrical and computer engineering KF8NH
carnegie mellon university [“better check the oblivious first” -ke6sls]

Rt-devel mailing list
Rt-devel@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-devel

jesse reed vincent – root@eruditorum.org – jesse@fsck.com
70EBAC90: 2A07 FC22 7DB4 42C1 9D71 0108 41A3 3FB3 70EB AC90

that’s security the same way that asking for directions to topeka and
being told that a seal is a mammal is informative
-robin@apocalypse.org

Tom_Vile · November 21, 2003, 7:37pm

I am having an issue with attachments in RT. I can add them without any
issue and see them assigned to a ticket with the proper size but when I
go to download the document and open it it is corrupted and can not be
read. This happens every time.

RH 9
Mysql 3.27
Latest Perl
Apache 2.0
Tom Vile
Lille Corp

Tim_Gerla · November 21, 2003, 11:41pm

Tom Vile wrote:

I am having an issue with attachments in RT. I can add them without any
issue and see them assigned to a ticket with the proper size but when I
go to download the document and open it it is corrupted and can not be
read. This happens every time.

RH 9
Mysql 3.27
Latest Perl
Apache 2.0

Read a few messages back in the archives. I posted a patch which will
solve the attachment corruption in some cases. It may break i18n
capabilities, though. It’s working fine here.

-Tim

Programmer, Outsource Financial Services, LLC.
tgerla@outsourcefinancial.com

Attachments

Ciao Christian

Ciao
Christian