Re: [exim] Quoting questions

Top Pagina
Delete this message
Reply to this message
Auteur: Steffen Heil (Mailinglisten)
Datum:  
Aan: exim-users@exim.org
Onderwerp: Re: [exim] Quoting questions
Hi

> 1) address_data = ${lookup{$local_part@$domain}lsearch*@{FILE
> }{$value}fail}
> 2) server_secret =

${extract{pass}{${lookup{$1}lsearch{FILE}{$value}fail}}}
> 3) server_condition = "${if
> eq{$2}{${extract{pass}{${lookup{$1}lsearch{FILE}{$value}fail}}}}{1}{0}}"
> 4) driver = redirect data = ${expand:${extract{forward}{$address_data}}}


Sorry, I forgot one case:

5) driver = pipe command = /folder/${extract{trigger}{$address_data}}.sh
${extract{trigger_param}{$address_data}{$value}{}}

While I know that "trigger" will always contain safe data, I cannot be sure
about trigger_param.
I am not using a shell from the exim side, but the targets are .sh-scripts,
implicitly invoking a shell.

What do I have to do to make those arguments safe?
Against exim string expansion and against shell expansion (I am not sure, if
it applies in this scenario anyways).

Regards,
Steffen