From 3cda6050b7c8f73e7fd86f88efc5cd42d0c13f73 Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Thu, 3 Mar 2016 03:16:58 +0000 Subject: use raw header for Message-ID Message-IDs should not be MIME encoded, but in case they are, use the raw form for compatibility with ssoma and possibly other tools. This prevents a potential problem where a malicious client could confuse our storage layer into indexing incorrect contents. --- lib/PublicInbox/WWW.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/PublicInbox/WWW.pm') diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm index 2acb4c83..369be686 100644 --- a/lib/PublicInbox/WWW.pm +++ b/lib/PublicInbox/WWW.pm @@ -147,8 +147,8 @@ sub invalid_list_mid { if ($mid = mid2blob($ctx)) { require Email::Simple; use PublicInbox::MID qw/mid_clean/; - $mid = Email::Simple->new($mid); - $ctx->{mid} = mid_clean($mid->header('Message-ID')); + my $s = Email::Simple->new($mid); + $ctx->{mid} = mid_clean($s->header('Message-ID')); } } undef; -- cgit v1.2.3-24-ge0c7