<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class="">
<br class=""><div><blockquote type="cite" class=""><div class="">On Mar 3, 2016, at 4:33 AM, Eythor G. Thorsteinsson <<a href="mailto:eythort@menandmice.com" class="">eythort@menandmice.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252" class="">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
Hi,
<div class=""><br class="">
</div>
<div class="">the autocomplete="off" is actually ignored by most if not all modern browsers on password fields. </div>
<div class=""><br class="">
</div>
<div class="">See for instance the last paragraph here: <a href="https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion" class="">https://developer.mozilla.org/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion</a></div></div></div></blockquote><div><br class=""></div><div>It’s also a terrible idea. People with password managers are more likely to have a complex password. “Punishing” them by trying to disable saving the password is a terrible idea.</div><div><br class=""></div><div>Charles</div><br class=""><blockquote type="cite" class=""><div class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div class=""><br class="">
</div>
<div class="">--Eythor</div>
<div class=""><br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On 03 Mar 2016, at 09:16, Der PCFreak <<a href="mailto:mailinglists@pcfreak.de" class="">mailinglists@pcfreak.de</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class=""><tt style="font-family: 'Courier New'; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class="">Hi,<br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">the following patch in /opt/zendto/templates/login.tpl mitigates the minor problem of password autocompletion through login.php:<br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">< <td><input type="password" id="passwordField" name="password" size="15" value=""/></td><br class="">
---<br class="">
> <!-- <td><input type="password" id="passwordField" name="password" size="15" value=""/></td> --><br class="">
> <td><input type="password" id="passwordField" name="password" size="15" value=""<font color="#009900" class=""><span class="Apple-converted-space"> </span>autocomplete="off"</font>/></td><br class="">
<br class="">
Greets<br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">PCFreak</tt><br class="">
</tt></tt></tt><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class="">
<div class="moz-cite-prefix" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);">
On 03.03.2016 08:19, Der PCFreak wrote:<br class="">
</div>
<blockquote cite="mid:56D7E59D.6070200@pcfreak.de" type="cite" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class="">
<tt style="font-family: 'Courier New';" class="">Hi Jules,<br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">thanks for the qui<tt style="font-family: 'Courier New';" class="">ck fix in pickup.php<br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">But there seem to b<tt style="font-family: 'Courier New';" class="">e still some proble<tt style="font-family: 'Courier New';" class="">ms<span class="Apple-converted-space"> </span><tt style="font-family: 'Courier New';" class="">in<span class="Apple-converted-space"> </span><tt style="font-family: 'Courier New';" class="">pickup.php
concerning the 'auth'<span class="Apple-converted-space"> </span><tt style="font-family: 'Courier New';" class="">parameter</tt></tt></tt>:<br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">Reflected Cross-Site Scripting<br class="">
------------------------------<br class="">
pickup.php<br class="">
The auth parameter was submitted with the value "--><script>prompt(12345)</script>1t58l<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.<br class="">
<br class="">
pickup.php<br class="">
The auth parameter was submitted with the value "--><script>prompt(12345)</script>KBY7h<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.<br class="">
<br class="">
HTML Injection<br class="">
--------------<br class="">
pickup.php<br class="">
The auth parameter was submitted with the value <h1>hsusx</h1>, and this value was echoed back verbatim in the resulting page.<br class="">
<br class="">
pickup.php<br class="">
The auth parameter was submitted with the value <h1>8pamj</h1>, and this value was echoed back verbatim in the resulting page.<br class="">
<br class="">
<br class="">
</tt>Also an additional problem was found that might be eas<tt style="font-family: 'Courier New';" class="">y to fix:<br class="">
<tt style="font-family: 'Courier New';" class=""><br class="">
Autocomplete Enabled on Password Field<br class="">
--------------------------------------<br class="">
index.php?action=login<br class="">
Enabling autocomplete on a password field could allow the browser to store a user's password in plain text and show it to anyone using the same computer.<br class="">
Add 'autocomplete=off' to every password field or login form on the site.</tt><br class="">
</tt><br class="">
<br class="">
There are some more minor problems<tt style="font-family: 'Courier New';" class="">, too!<br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">The fix from<span class="Apple-converted-space"> </span><tt style="font-family: 'Courier New';" class="">yesterday for pickup.php only fixed<br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">2 Refelected Cross-Site Scripting<br class="">
<tt style="font-family: 'Courier New';" class="">2 HTML<tt style="font-family: 'Courier New';" class=""><span class="Apple-converted-space"> </span>Injection<br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">vulnerabilities.</tt><br class="">
</tt></tt></tt></tt></tt><br class="">
<tt style="font-family: 'Courier New';" class="">Jules, I could send you the entire report via private mail if you want to take a look at it and keep it confidential.<br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">And please correct me, if<span class="Apple-converted-space"> </span><tt style="font-family: 'Courier New';" class="">I am wrong with the above!</tt></tt><br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">Kind regards and thanks for<span class="Apple-converted-space"> </span><tt style="font-family: 'Courier New';" class="">your work</tt><br class="">
<br class="">
<tt style="font-family: 'Courier New';" class=""><tt style="font-family: 'Courier New';" class="">PCFreak</tt></tt><br class="">
</tt></tt></tt><br class="">
<br class="">
<br class="">
</tt></tt></tt></tt></tt></tt><br class="">
<div class="moz-cite-prefix">On 02.03.2016 18:06, Jules wrote:<br class="">
</div>
<blockquote cite="mid:56D71DB2.3070103@Zend.To" type="cite" class="">Hi guys!<br class="">
<br class="">
Sorry about this one. The fault isn't actually in that line, it's just below it where it says this:<br class="">
<br class="">
<small class=""><tt style="font-family: 'Courier New';" class=""> if ( isset($recipEmail) && ! preg_match($theDropbox->validEmailRegexp(),$recipEmail) ) {</tt><tt style="font-family: 'Courier New';" class=""><br class="">
</tt><tt style="font-family: 'Courier New';" class=""> $emailAddr = 'INVALID';</tt><tt style="font-family: 'Courier New';" class=""><br class="">
</tt><tt style="font-family: 'Courier New';" class=""> }</tt></small><br class="">
<br class="">
Those 2 "$recipEmail" should of course both be "$emailAddr".<br class="">
<br class="">
I did carefully check the email address was valid, but put in the wrong variable name to check. :-(<br class="">
My bad.<br class="">
<br class="">
That should fix it. No need to restart httpd or anything, just save the file and reload the page.<br class="">
<br class="">
Cheers,<br class="">
Jules.<br class="">
<br class="">
P.S. Sorry I haven't done an update in *ages*. 2 questions: (1) What other outstanding bugs/patches are there?, and (2) Is it worth me re-writing the areyouahuman CAPTCHA code for their new one, or is everyone happy with the Google one (reCAPTCHA) that is there
already?<br class="">
<br class="">
<div class="moz-cite-prefix">On 02/03/2016 15:28, Karl Bundy wrote:<br class="">
</div>
<blockquote cite="mid:a9b2f059d6424b84b0a3afa5fc891203@MBX03B-IAD3.mex08.mlsrvr.com" type="cite" class="">
<div class="WordSection1" style="page: WordSection1;">
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">Hi everyone,<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">It appears that the issue is due to the fact that the email querystring variable is not being sanitized before being used. I am not a skilled programmer, but
I was able to make this simple change to the pickup.php file and it appears to have resolved this XSS issue. Please use this at your own risk, as it appears to work for me, but your mileage may vary ;)<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">In the pickup.php file change this line:<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">$emailAddr = isset($_POST['emailAddr'])?$_POST['emailAddr']:(isset($_GET['emailAddr'])?$_GET['emailAddr']:NULL);<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">to this:<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">$emailAddr = str_replace('"','',isset($_POST['emailAddr'])?$_POST['emailAddr']:(isset($_GET['emailAddr'])?$_GET['emailAddr']:NULL));<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">Save the file, and then test again.<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class="">---Karl Bundy<o:p class=""></o:p></span></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125);" class=""><o:p class=""> </o:p></span></div>
<div class="">
<div style="border-style: solid none none; border-top-color: rgb(225, 225, 225); border-top-width: 1pt; padding: 3pt 0in 0in;" class="">
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<b class=""><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: windowtext;" class="">From:</span></b><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: windowtext;" class=""><span class="Apple-converted-space"> </span><a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:zendto-bounces@zend.to" style="color: purple; text-decoration: underline;">zendto-bounces@zend.to</a><span class="Apple-converted-space"> </span>[<a moz-do-not-send="true" class="moz-txt-link-freetext" href="mailto:zendto-bounces@zend.to" style="color: purple; text-decoration: underline;">mailto:zendto-bounces@zend.to</a>]<span class="Apple-converted-space"> </span><b class="">On
Behalf Of<span class="Apple-converted-space"> </span></b>Der PCFreak<br class="">
<b class="">Sent:</b><span class="Apple-converted-space"> </span>Wednesday, March 02, 2016 6:10 AM<br class="">
<b class="">To:</b><span class="Apple-converted-space"> </span><a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:zendto@zend.to" style="color: purple; text-decoration: underline;">zendto@zend.to</a><br class="">
<b class="">Subject:</b><span class="Apple-converted-space"> </span>Re: [ZendTo] XSS<o:p class=""></o:p></span></div>
</div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<o:p class=""> </o:p></div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 12pt; font-family: 'Times New Roman', serif;">
<tt style="font-family: 'Courier New';" class=""><span style="font-size: 10pt;" class="">Hi,</span></tt><span style="font-size: 10pt;" class=""><br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">Barracuda offers their "Barracuda Vulnerability Manager" for free at the moment and I tested it.</tt><br class="">
<tt style="font-family: 'Courier New';" class=""><a moz-do-not-send="true" href="https://bvm.barracudanetworks.com/" style="color: purple; text-decoration: underline;" class="">https://bvm.barracudanetworks.com/</a></tt><br class="">
<br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">Here some of the results pointed at my ZendTo installation:</tt><br class="">
<br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">Reflected Cross-Site Scripting</tt><br class="">
<tt style="font-family: 'Courier New';" class="">==============================</tt><br class="">
<tt style="font-family: 'Courier New';" class=""><a moz-do-not-send="true" href="https://your.url.tld/pickup.php" style="color: purple; text-decoration: underline;" class="">https://your.url.tld/pickup.php</a></tt><br class="">
<tt style="font-family: 'Courier New';" class="">Issue Detail</tt><br class="">
<tt style="font-family: 'Courier New';" class="">The emailAddr parameter was submitted with the value "--><script>prompt(12345)</script>lNYCi<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.</tt><br class="">
<br class="">
<tt style="font-family: 'Courier New';" class=""><a moz-do-not-send="true" href="https://your.url.tld/pickup.php" style="color: purple; text-decoration: underline;" class="">https://your.url.tld/pickup.php</a></tt><br class="">
<tt style="font-family: 'Courier New';" class="">Issue Detail</tt><br class="">
<tt style="font-family: 'Courier New';" class="">The auth parameter was submitted with the value "--><script>prompt(12345)</script>HyNzQ<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.</tt><br class="">
<br class="">
<tt style="font-family: 'Courier New';" class=""><a moz-do-not-send="true" href="https://your.url.tld/pickup.php" style="color: purple; text-decoration: underline;" class="">https://your.url.tld/pickup.php</a></tt><br class="">
<tt style="font-family: 'Courier New';" class="">Issue Detail</tt><br class="">
<tt style="font-family: 'Courier New';" class="">The emailAddr parameter was submitted with the value "--><script>prompt(12345)</script>x7RXs<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.</tt><br class="">
<br class="">
<tt style="font-family: 'Courier New';" class=""><a moz-do-not-send="true" href="https://your.url.tld/pickup.php" style="color: purple; text-decoration: underline;" class="">https://your.url.tld/pickup.php</a></tt><br class="">
<tt style="font-family: 'Courier New';" class="">Issue Detail</tt><br class="">
<tt style="font-family: 'Courier New';" class="">The auth parameter was submitted with the value "--><script>prompt(12345)</script>WqYcq<!--, and the string was echoed verbatim in the output, showing that there is a reflected XSS vulnerability.</tt><br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">HTML-Injection</tt><br class="">
<tt style="font-family: 'Courier New';" class="">==============</tt><br class="">
<tt style="font-family: 'Courier New';" class=""><a moz-do-not-send="true" href="https://your.url.tld/pickup.php" style="color: purple; text-decoration: underline;" class="">https://your.url.tld/pickup.php</a></tt><br class="">
<tt style="font-family: 'Courier New';" class="">Issue Detail</tt><br class="">
<tt style="font-family: 'Courier New';" class="">The emailAddr parameter was submitted with the value <h1>tjkgr</h1>, and this value was echoed back verbatim in the resulting page.</tt><br class="">
<br class="">
<tt style="font-family: 'Courier New';" class=""><a moz-do-not-send="true" href="https://your.url.tld/pickup.php" style="color: purple; text-decoration: underline;" class="">https://your.url.tld/pickup.php</a></tt><br class="">
<tt style="font-family: 'Courier New';" class="">Issue Detail</tt><br class="">
<tt style="font-family: 'Courier New';" class="">The auth parameter was submitted with the value <h1>xt90x</h1>, and this value was echoed back verbatim in the resulting page.</tt><br class="">
<br class="">
<tt style="font-family: 'Courier New';" class=""><a moz-do-not-send="true" href="https://your.url.tld/pickup.php" style="color: purple; text-decoration: underline;" class="">https://your.url.tld/pickup.php</a></tt><br class="">
<tt style="font-family: 'Courier New';" class="">Issue Detail</tt><br class="">
<tt style="font-family: 'Courier New';" class="">The emailAddr parameter was submitted with the value <h1>zrjja</h1>, and this value was echoed back verbatim in the resulting page.</tt><br class="">
<tt style="font-family: 'Courier New';" class="">View Full HTTP Request and Response</tt><br class="">
<br class="">
<tt style="font-family: 'Courier New';" class=""><a moz-do-not-send="true" href="https://your.url.tld/pickup.php" style="color: purple; text-decoration: underline;" class="">https://your.url.tld/pickup.php</a></tt><br class="">
<tt style="font-family: 'Courier New';" class="">Issue Detail</tt><br class="">
<tt style="font-family: 'Courier New';" class="">The auth parameter was submitted with the value <h1>anhxx</h1>, and this value was echoed back verbatim in the resulting page.</tt><br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">Kind regards</tt><br class="">
<br class="">
<tt style="font-family: 'Courier New';" class="">PCFreak</tt><br class="">
<br class="">
<br class="">
<br class="">
<br class="">
</span><o:p class=""></o:p></p>
<div class="">
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
On 01.03.2016 20:14, Chris Venter wrote:<o:p class=""></o:p></div>
</div>
<blockquote style="margin-top: 5pt; margin-bottom: 5pt;" class="">
<div class="">
<div class="">
<div class="">
<div class="">
<div class="">
<div class=""><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 12pt; font-family: 'Times New Roman', serif;">
Hi<span class="Apple-converted-space"> </span><o:p class=""></o:p></p>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
Our security audit has highlighted a possible reflected cross site scripting error on the pickup.php page,to test we ran<span class="Apple-converted-space"> </span><br class="">
<br class="">
<a moz-do-not-send="true" href="https://server_name/pickup/php?emailAddr=test" target="_blank" style="color: purple; text-decoration: underline;" class="">https://server_name/pickup/php?emailAddr=test</a>" /><script>alert('XSS Test')</script><o:p class=""></o:p></div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<o:p class=""> </o:p></div>
</div><p class="MsoNormal" style="margin: 0in 0in 12pt; font-size: 12pt; font-family: 'Times New Roman', serif;">
Can anyone else confirm if this is an issue?<o:p class=""></o:p></p>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
Thanks<o:p class=""></o:p></div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
CJ<o:p class=""></o:p></div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<br class="">
<br class="">
<br class="">
<o:p class=""></o:p></div>
<pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New';" class="">_______________________________________________<o:p class=""></o:p></pre>
<pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New';" class="">ZendTo mailing list<o:p class=""></o:p></pre>
<pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New';" class=""><a moz-do-not-send="true" href="mailto:ZendTo@zend.to" style="color: purple; text-decoration: underline;" class="">ZendTo@zend.to</a><o:p class=""></o:p></pre>
<pre style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New';" class=""><a moz-do-not-send="true" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto" style="color: purple; text-decoration: underline;" class="">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a><o:p class=""></o:p></pre>
</blockquote>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif;" class="">
<o:p class=""> </o:p></div>
</div>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset><br class="">
<pre wrap="" style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New';" class="">_______________________________________________
ZendTo mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to" style="color: purple; text-decoration: underline;">ZendTo@zend.to</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto" style="color: purple; text-decoration: underline;">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></pre>
<br class="">
<pre class="moz-signature" cols="72" style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New';">Jules
--
Julian Field MEng MBCS CITP CEng
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="http://www.zend.to/" style="color: purple; text-decoration: underline;">www.Zend.To</a>
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</pre>
</blockquote>
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset><br class="">
<pre wrap="" style="margin: 0in 0in 0.0001pt; font-size: 10pt; font-family: 'Courier New';" class="">_______________________________________________
ZendTo mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to" style="color: purple; text-decoration: underline;">ZendTo@zend.to</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto" style="color: purple; text-decoration: underline;">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></pre>
</blockquote>
<br class="">
</blockquote>
<br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class="">
<span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); float: none; display: inline !important;" class="">_______________________________________________</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class="">
<span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); float: none; display: inline !important;" class="">ZendTo
mailing list</span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class="">
<span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); float: none; display: inline !important;" class=""><a href="mailto:ZendTo@zend.to" class="">ZendTo@zend.to</a></span><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255);" class="">
<span style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); float: none; display: inline !important;" class=""><a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto" class="">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a></span></div>
</blockquote>
</div>
<br class="">
</div>
</div>
_______________________________________________<br class="">ZendTo mailing list<br class=""><a href="mailto:ZendTo@zend.to" class="">ZendTo@zend.to</a><br class="">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</div></blockquote></div><br class=""></body></html>