Re: [Exim] extract problems with digits in smtp-auth

Pàgina inicial
Delete this message
Reply to this message
Autor: robert rotman
Data:  
A: Tamas TEVESZ
CC: exim-users
Assumpte: Re: [Exim] extract problems with digits in smtp-auth
On Wed, 28 Feb 2001, Tamas TEVESZ wrote:

> On Wed, 28 Feb 2001, robert rotman wrote:
>
>  > (${lookup mysql{select password from table where
>  >    username='${extract{1}{#}{$2}}' and
>  >    domain='${extract{2}{#}{$2}}'}{$value}fail}
>  > )

>
> as the very bare minimum __always__ use quote_mysql. (not sure if it's
> related, it could even be. recommended reading is the rfp2k01 advisory
> by rfp, which discusses *sql and unchecked user input from a web'n
> stuff related point of view, most certainy applies to any such
> situation - like this one).
>


sorry, i forgot to mention:
i did the quote_mysql but i did not include this in my email because i
thought it's clearer to understand in this way.
('${quote_mysql:${extract{1}{#}{$2}}})

anyway, there is the same effect.

robert