S.F.E. Support Support, Bug Reports, and Discussion Forum
kristina Yes, That Kristina :-)
Joined: 10 Aug 2002 Posts: 379 Location: USA
Posted: Wed Dec 10, 2003 8:27 am
Post subject: Security fix for RemindMe (12/10/2003)
I added some more checking to the routine in RemindMe (and several other scripts) that send mail. Latest version is 3.0.9a. Please upgrade:
http://tesol.net/scripts/RemindMe/
Here's the announcement from the list:
---
Hi, folks. This is a SECURITY announcement for RemindMe.
It was recently brought to my attention that under certain
circumstances, one of my other scripts, CGI-Subscribe,
could be hijacked by spammers to send spam out! I have been
trying to audit all my scripts that send mail, and have
tightened up RemindMe so that hopefully this won't happen.
Please, PLEASE, upgrade to version 3.0.9a:
http://tesol.net/scripts/RemindMe/
I strongly recommend that if you're not going to upgrade,
you discontinue using RemindMe altogether. I hate to sound
like that, but I'm really serious about bugs like this, and
I don't want you to get spammerized.
The bug fix doesn't add any new features or configuration
stuff, and should just drop in over the old version of
RemindMe.
If you are handy with code, you can look in "sub send_mail" and
right after this bit of code:
    local($toemail,$toname,$fromemail,$fromname,
          $replytoemail,$replytoname,$subject,
          $message,$mail_server_hostname,$this_server_hostname,$opsys,
          $htmlmail) = @_;
add this:
    # Remove CR and LF from each address, name and subject value,
    # then collapse runs of whitespace to a single space.
    my($testaddr);
    foreach $testaddr (split(/,/, "toemail,toname,fromemail,fromname,replytoemail,replytoname,subject")) {
        ${$testaddr} =~ s/\r//sg;
        ${$testaddr} =~ s/\n//sg;
        ${$testaddr} =~ s/\r\n//sg;
        ${$testaddr} =~ s/\015//sg;
        ${$testaddr} =~ s/\012//sg;
        ${$testaddr} =~ s/\015\012//sg;
        ${$testaddr} =~ s/\s+/ /sg;
    }
Please, please, let me know if you have any questions, or
need help upgrading. I am ready and willing to help!
Thanks!
(By the way, if you haven't seen the site lately, don't
be alarmed: I've redesigned it, added a discussion forum, etc,
but it's still me!)
Kristina
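The stripping step from the post, written with lexical variables under `use strict` rather than symbolic references, as an added example that is not part of the original post or of RemindMe. The helper names `clean_header_value` and `clean_mail_fields` and all sample values are constructed for illustration; as in the post's field list, `message` is left untouched, since a mail body may legitimately contain line breaks.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Fields that end up on a single mail header line (same list as in the post).
my @HEADER_FIELDS = qw(toemail toname fromemail fromname
                       replytoemail replytoname subject);

# Hypothetical helper: clean one value destined for a header line.
sub clean_header_value {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ tr/\r\n//d;     # a header value must never contain CR or LF
    $value =~ s/\s+/ /g;      # collapse remaining whitespace runs
    return $value;
}

# Hypothetical helper: clean every header field, leave the body alone.
sub clean_mail_fields {
    my (%field) = @_;
    for my $name (@HEADER_FIELDS) {
        next unless defined $field{$name};
        $field{$name} = clean_header_value($field{$name});
    }
    return %field;
}

# Constructed sample input: the subject carries an embedded line break.
my %in = (
    toemail   => 'user@example.com',
    fromemail => 'reminders@example.org',
    subject   => "Dentist at 3pm\r\nX-Constructed: extra line",
    message   => "Line one\nLine two\n",
);
my %out = clean_mail_fields(%in);

# Print each field with any surviving CR/LF made visible.
for my $name (sort keys %out) {
    (my $shown = $out{$name}) =~ s/\r/\\r/g;
    $shown =~ s/\n/\\n/g;
    print "$name: $shown\n";
}

# Fail loudly if any header field could still span more than one line.
die "header value still contains a line break\n"
    if grep { $out{$_} =~ /[\r\n]/ } grep { defined $out{$_} } @HEADER_FIELDS;
```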