[2010-10-07 01:28 UTC] maintainer at mlmmj dot org
Description:
------------
Mlmmj accepts too much for its commandline arguments at times. E.g. using mlmmj-sub a carriage return can be accepted at the end of an email address and be subscribed.
Test script:
---------------
$_REQUEST['address'] comes from a textarea:
$addressA = explode("\n", $_REQUEST['address']);
foreach ($addressA as $a) {
exec("sudo /usr/bin/mlmmj-sub -L /var/spool/mlmmj/listname/ -a {$a} -s");
}
Expected result:
----------------
Either a sanitised address subscribed to the list, or more probably, an error from Mlmmj that the address is invalid.
Actual result:
--------------
Addresses are subscribed with carriage returns in them that are then difficult to remove!
Description: ------------ Mlmmj accepts too much for its commandline arguments at times. E.g. using mlmmj-sub a carriage return can be accepted at the end of an email address and be subscribed. Test script: --------------- $_REQUEST['address'] comes from a textarea: $addressA = explode("\n", $_REQUEST['address']); foreach ($addressA as $a) { exec("sudo /usr/bin/mlmmj-sub -L /var/spool/mlmmj/listname/ -a {$a} -s"); } Expected result: ---------------- Either a sanitised address subscribed to the list, or more probably, an error from Mlmmj that the address is invalid. Actual result: -------------- Addresses are subscribed with carriage returns in them that are then difficult to remove!