<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<meta content="text/html;charset=ISO-8859-2" http-equiv="Content-Type">
<body bgcolor="#ffffff" text="#000000">
chasd, 09.03.04 18:58:
<pre wrap="">On Mar 4, 2009, at 10:56 AM, till wrote:
<pre wrap="">Maybe we need a wiki page.
@Charles, would you be so kind and start on one? I'd contribute some
findings as well.
Tell me where you'd like it, looking at the existing structure, a
logical place doesn't pop out at me.
To the wiki, and to better understading of the problem I recommend this<br>
The guy is still working on it, I gave hime some hints, and will give
after I experiment with the info on fileinfo provided by chasd. (Hey
man, how do<br>
you know that? I couldn't find that info in any documentation!)<br>
I mentioned a patch:<br>
<a class="moz-txt-link-freetext" href="http://trac.roundcube.net/attachment/ticket/1485311/mime-detect.patch">http://trac.roundcube.net/attachment/ticket/1485311/mime-detect.patch</a><br>
this was the base, but in the meantime I started using Trac more
The same proposal I made, and description of problem:<br>
<a class="moz-txt-link-freetext" href="http://trac.roundcube.net/ticket/1485311">http://trac.roundcube.net/ticket/1485311</a><br>
And the resolution by thomasb<br>
<a class="moz-txt-link-freetext" href="http://trac.roundcube.net/changeset/2313">http://trac.roundcube.net/changeset/2313</a><br>
with a hard-coded map, they way I was thinking.<br>
So as I said I'll start digging deeper and experimenting with fileinfo,<br>
to get the best solution we can.<br>
chasd, you wrote<br>
"Hmmm, that made my security radar do a beep. Trusting user input isn't
"First, trusting the mime-type from the client is very dangerous.
But guys, the security part of this is out of the scope of RC I think...<br>
If the user sends something bogus by playing with the extension, who
There are so many ways to do that without RC. Okay, we should try
SPAM and VIRUS filters, but this is their task IMHO.<br>