Closed Bug 190340 Opened 22 years ago Closed 22 years ago

Browese "Send Page" should sanity check/sanitize attachment name

Categories

(MailNews Core :: Composition, defect)

Product:
MailNews Core
Component:
Composition
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 190343

People

(Reporter: daveb, Assigned: bugzilla)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130 If you go to a URL with a nasty long value and do send page, the attachment file name generated is that of the nasty URL. There are two problems seen. (1) it is awkward for the recipient to save w/o renaming; (2) intermediate mail servers with virus detection may treat it as insane attachment and delete it. Example: send page of http://foo.bar.com/HTML/iburdtcorcl.jsp?jttst0=1439458_61637%2C61637%2C-1%2C0%2C&ibudnr=25&jtfm0=_0_0_0_-1_f_nv_&ibucr=5OgKRm7l&etfm1=&ibudf=DD-MON-RRRR&kmcp=0QaHKm7l&jfn=ZG52A12159B0836F627EADDD9E4FFF9B7E214450C14E2B8DA3DF27509B8736EAFECB6B25EC2D4FBDF7CAB31C17DD0644A04E results in an attachment name of foo.bar.com-HTML-iburdt01.jsp-foo=bar&jtfm0=_0_0_0_-1_f_nv_&ibucr=np2pk6dY&etfm1=&ibudf=DD-MON-RRRR&kmcp=irWmd6dY&jfn=ZGDF627D49277A897847263DE5DBEC2E0B91FABD7941683B3481A5F9AFB837DA9719E9F7DD23C59AF65CADDB058B9C6C0B49&srID=1253513 which has been seen to provoke virus complaint of: A (EMail_Flaw_MIME_Tag_Overflow) virus was detected in the file "suspicious long filename tag" inside of a message bound for your account on 01/22/2003 22:56:45. The following action was taken: deleted. Reproducible: Always Steps to Reproduce: 1. Find a site with long encoded URL 2. Send Page Actual Results: Look at the attachment file name that is generated. Hmm, long, with encodings. Expected Results: It should have restricted the generated name to a 'safe' character set with a limited length; Or it might default the name to something innocuous like 'SentPage' rather than using the URL in the name at all, similar to mail 'save as file' defaulting to 'message.eml' 1.2.1
*** This bug has been marked as a duplicate of 190343 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
v
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.