I have an email in the form of:

[... more header stuff ...]
Status: RO
X-Status: 
X-Keywords:                    
X-UID: 1

: INTERNET:email@example.com wrote:

 > blah blah blah blah

blah blah blah

The first line of the body - starting with :, is improperly considered a Mailhandler command line. Due to lack of input checking, this would then attempt to set $node->'' to the string (since there's no command word here). The attached patch does a check to ensure that the command word exists before attempting to assign to $node. This patch DOES NOT attempt to add the erroneous line back to the body (primarily because I didn't investigate how). I'm not sure your feelings on this.

CommentFileSizeAuthor
#3 null_command_word_d6.patch780 bytesmorbus iff
null_command_word.patch757 bytesmorbus iff

Comments

morbus iff’s picture

morbus iff
they/them
commented
Status: Active » Needs review
moshe weitzman’s picture

moshe weitzman commented
Status: Needs review » Patch (to be ported)

committed to D5. Won't apply to D6 ... Thanks.

morbus iff’s picture

morbus iff
they/them
commented
Version: 5.x-1.x-dev » master
Status: Patch (to be ported) » Needs review
StatusFileSize
new null_command_word_d6.patch780 bytes

Same patch. Untested. (Note: there's no Version for 6.x-dev).

moshe weitzman’s picture

moshe weitzman commented
Status: Needs review » Fixed

committed without testing :)

project module still hasn't published the 6.x-dev release so no Version here just yet.

Anonymous’s picture

Anonymous (not verified) commented
Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.