Re: [exim] Quoting questions

Page principale
Ce message fait partie du fil suivant :
MArborescence complète du fil triée par date
MSteffen Heil (Mailinglisten) à <-
MPhil Pennock à ->
Supprimer ce message
Répondre à ce message
Auteur: Steffen Heil (Mailinglisten)
Date:  
À: exim-users@exim.org
Sujet: Re: [exim] Quoting questions
Hi

> 1) address_data = ${lookup{$local_part@$domain}lsearch*@{FILE
> }{$value}fail}
> 2) server_secret =
${extract{pass}{${lookup{$1}lsearch{FILE}{$value}fail}}}
> 3) server_condition = "${if
> eq{$2}{${extract{pass}{${lookup{$1}lsearch{FILE}{$value}fail}}}}{1}{0}}"
> 4) driver = redirect data = ${expand:${extract{forward}{$address_data}}}

Sorry, I forgot one case:

5) driver = pipe command = /folder/${extract{trigger}{$address_data}}.sh
${extract{trigger_param}{$address_data}{$value}{}}

While I know that "trigger" will always contain safe data, I cannot be sure
about trigger_param.
I am not using a shell from the exim side, but the targets are .sh-scripts,
implicitly invoking a shell.

What do I have to do to make those arguments safe?
Against exim string expansion and against shell expansion (I am not sure, if
it applies in this scenario anyways).

Regards,
Steffen

Ce message a été envoyé sur les listes de diffusion suivantes :
Exim-users
Informations sur la liste de diffusion | Messages voisins		<-Re: [exim] Quoting questionsRe: [exim] General protection error->
Tahini and Hummus and Cumin Development Archives administré par cumin AdminsLurker (version 2.3)