[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squirrelmail-cvs
Subject:    Re: [SM-CVS] CVS: squirrelmail/src compose.php,1.429, 1.430
From:       Thijs Kinkhorst <kink () squirrelmail ! org>
Date:       2005-12-12 9:45:17
Message-ID: 1134380717.2696.17.camel () darwin ! os9 ! nl
[Download RAW message or body]

On Mon, 2005-12-12 at 11:39 +0200, Tomas Kuliavas wrote:
> You have reverted wrong part of code. These are not used for "Draft folder
> does not exists" message.

The "Draft folder %s does not exist" message *did* need to be sanitized.
So I left that in.

> Just checked. $deliver->dlv_msg, $deliver->dlv_ret_nr and
> $deliver->dlv_server_msg is set in three places. One place (errorCheck()
> function in SMTP delivery class) sanitizes output. Other two (status check
> in sendmail finalizeStream() and TLS errors in SMTP) are not sanitized.
> 
> My code broke smtp error messages. Since this is only small formating
> sanitizing issue and fsockopen() errors are in plain text, 1.4.6 code can
> be kept unchanged.

Ah, so the problem was that some were already sanitized and others
weren't, hence the confusion.

> We should sanitize errors in delivery classes and rewrite code when
> templates are introduced or we should sanitize them on output.

I'm in favour of the last. That provides the most consistent way of
sanitizing output.


Thijs

["signature.asc" (application/pgp-signature)]
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
--
squirrelmail-cvs mailing list
List Address: squirrelmail-cvs@lists.sourceforge.net
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
http://squirrelmail.org/cvs

[prev in list] [next in list] [prev in thread] [next in thread]