Garikoitz Araolaza reported some problems he was having with his Squishdot sites being used to send spam. This article contains a fix…

The basic problem is one of Squishdot’s mail_html templating being used to generate the stream sent to the SMTP server. As a result, that stream contained data supplied in the posting that wasn’t being adequately cleansed.

The file attached to this article solves this problem and should be used to replace the distributed version.

In addition, all instantiated Squishdot sites should have their mail_html templates fixed. If you haven’t changed this template, just replace it with the contents on the attached file.

If you have, it’s the first four lines that need to be carefully checked.

NB: You will not have been sending any spam unless you’ve noticed a load of weird postings to any of your Squishdot sites that contain what look like SMTP headers in the ’email’ or ‘title’ field.

If you have any questions, comments or can still find a way to send spam with Squishdot, please ask away…

cheers,

Chris

Will there be another Squishdot release?
by Toni Andjelkovic on Saturday April 08, 02:03PM, 2006
Hi Chris,

will there ever be an updated version of Squishdot? The most recent version is from 2003, which is quite old considering the amount of changes that happened in Zope. Also, Squishdot won’t run on 2.8.4 without some nasty patching AFAIK.

Cheers,
Toni
[ Reply to this ]
Only if someone really wants it 😉
by Chris Withers on Monday April 10, 05:57PM, 2006
Well, there have been plenty of changes in Zope, but Squishdot has been robust enough that it’s not been affected by those changes so far!

The patches for 2.8.4 aren’t so nasty. Try with Zope 2.9, you might not even need them.

I’m going to be moving my production instance onto Zope 2.9 soon, so if there really is a need, there will be a release then…

cheers,

Chris
[ Reply to this ]
Re: Only if someone really wants it 😉
by mike on Monday March 12, 04:07PM, 2007
I have not been able to get Squishdot to work in Zope 2.9. Will try the patch for 2.8.4 and see what happens.
[ Reply to this ]
Squishdot works fine with 2.9.3
by Chris Withers on Monday March 12, 04:17PM, 2007
Hi there,

Do lemme know what problems, specifically, you’re having…

Squishdot.org runs on a Zope 2.9.3 and uses the version available from SourceForge:

http://squishdot.svn.sourceforge.net/viewvc/squishdot/Squishdot/trunk/

I suppose I should really do a release at some stage…

Chris