On Thu, 23 Jan 2003, Phil Pennock wrote:
> In Exim 3.36,
> Now, I could use ${escape:$h_subject} and I suspect that might be close
> enough, but I'm not sure that this should really be done. The newline
> is followed by two space characters, so this is perfectly legitimate in
> the headers.
The problem is that Exim (I'm looking at 4.12) is not clever enough to
detect this legitimacy.
> I suspect that this was introduced as a protection against malicious
> insertion of extra headers.
Yes, and confusing things like carriage-returns and other non-printing
characters. After all, RFC 2822 requires header lines to contain only
ASCII characters.
Perhaps I should educate Exim to allow through legitimate header
continuation sequences (i.e. newline followed by white space). Noted.
This will be for Exim 4, needless to say.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
