https://gitlab.synchro.net/main/sbbs/-/commit/25cc55869dba898628ffc538
Modified Files:
web/lib/forum.ssjs web/root/msgs/attachments.ssjs inline.ssjs msgframe.ssjs web/root/sajax-forum/body.xjs
Log Message:
Sanity check message base codes before calling MsgBase constructor
This prevents odd-ball message base files (i.e. 0-length *.shd, *.sid, files) from being created in the 'ctrl' directory from malformed or malcious HTTP[S] requests, as reported by Deuce.
I don't know the exact HTTP requests that triggered these errant message base creations, but this should help prevent it from happening again. Though, really, this code isn't really supported by anyone any longer (use ecWeb instead).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net