When using \'s within the sig, or in a message compose, SquirrelMail ignores it unless you specify 2 \'s.
However, if you were to forward the email again, you have to make sure you add the extra \'s.
If \'s get parsed, then you could possible run arbitrary code on the server as the web server.
Will report exploit to bugtraq if you fix is posted within a week.
"if no fix is posted"
Your bug has been assigned. How quick this is resolved depends on
the severity and the probability that it might affect a large
number of users. If you were logged in at the time of submission
you wil be informed via email of this bugs status. If not, you
may check back here to see how we are doing on it. Please
remember your bug id number for quick reference.
Thanks for your help!
Please provide more detail about your IMAP server, operating
system, Version of SquirrelMail, and the circumstances which
produced the bug.
Since we could not reproduce this problem, providing the same
information will not help. Please be as specific as possible.
Some problems may require taht we make a coding effort and then
you try the new version to see the results. Thanks for your help.
After large amounts of testing, I have decided that this is no longer an issue in the latest CVS. Please update to the latest version and let me know if you still have the problem.