On Wed, 17 Jun 2020, admin--- via Exim-dev wrote:
> https://bugs.exim.org/show_bug.cgi?id=2601
>
> --- Comment #2 from martynas@??? ---
> Yes, but why do we trust message body then? Like:
> if $message_body matches "...."
> then
> seen finish
> endif
>
> The thing I don't get - why is $message_body safer than $sender_address_domain?

As I understand it, the result of "matches" is untainted,
since the answer is effectively a boolean.
Your system filter line
if $sender_address_domain: is
is not a complete statement.
"is" comes between two arguments and its result is also untainted.
--
Andrew C. Aitchison Kendal, UK
andrew@???