Re: [exim] 4.94 - De-tainting without lookup?

Author: Robert Blayzor
Date:
To: exim-users
Subject: Re: [exim] 4.94 - De-tainting without lookup?
Why can't a string be considered "de-tainted" if you run it through
string substitution....

Why is this still invalid?

sms_gateway:
  driver = redirect
  allow_fail = true
  allow_defer = true
  data = ${expand:"|SMS_CMD -c ${sg{$local_part}{^foo\+(\d+)}{\$1}}"}
  file_transport = address_file
  pipe_transport = address_pipe


Where I am just stripping digits (or maybe digits and letters only) and
returning that as part of the string. That data should be considered
de-tainted.


This whole string de-tainting force switch has broken a LOT of stuff.
Why was there not a deprecated option with log warning this was coming?
At least an option to turn it on/off until it was forced retirement in
a later version?



On 6/27/20 5:53 AM, Jeremy Harris via Exim-users wrote:
> On 26/06/2020 08:50, Matthias Hörmann via Exim-users wrote:
>>> # save copy of outgoing messages
>>> traffic_tap_save_copy:
>>> driver = appendfile
> ...
>>> create_directory = true
>>> directory = /var/mailarchive/outgoing/$sender_address_domain/$sender_address_local_part/$domain/$local_part/
>
> # directory must exist
> route_traffic_tap:
>  driver = redirect
> ...
>  set r_dir = ${lookup {$sender_address_domain}     dsearch,ret=full {/var/mailarchive/outgoing}}
>  set r_dir = ${lookup {$sender_address_local_part} dsearch,ret=full {$r_dir}}
>  set r_dir = ${lookup {$domain}                    dsearch,ret=full {$r_dir}}
>  set r_dir = ${lookup {$local_part}                dsearch,ret=full {$r_dir}}
>  data = $local_part@$domain, $r_dir/
>  directory_transport = traffic_tap_save_copy
> ...
>
> # directory is already set
> traffic_tap_save_copy:
> driver = appendfile
>
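
A simplified Python model of the taint rule this thread is about, added here as an example (it is not Exim's code and not from either poster): the result of a substitution is derived from the tainted input and stays tainted, while a lookup only compares the key and hands back the administrator's own copy. The names `Tainted`, `sg`, `lookup`, `pipe_command`, `build` and the `ALLOWED` list are hypothetical; only the regex and the `SMS_CMD -c` prefix come from the router above.

```python
import re

class Tainted(str):
    """A string that arrived from the remote side (constructed model, not Exim code)."""

def is_tainted(value):
    return isinstance(value, Tainted)

def concat(*parts):
    # Joining anything with tainted data yields tainted data.
    joined = "".join(parts)
    return Tainted(joined) if any(is_tainted(p) for p in parts) else joined

def sg(subject, pattern, replacement):
    # Model of ${sg{subject}{regex}{replacement}}: the output is derived from
    # the subject, so it keeps the subject's taint whatever the regex does.
    result = re.sub(pattern, replacement, subject)
    return Tainted(result) if is_tainted(subject) else result

def lookup(key, trusted_entries):
    # Model of a single-key lookup: the key is only compared; the value handed
    # back is the administrator's own copy, so it carries no taint.
    for entry in trusted_entries:
        if entry == key:
            return entry
    return None

def pipe_command(command):
    # Model of the sink: refuse a command line built from tainted data.
    if is_tainted(command):
        raise PermissionError("tainted command: " + command)
    return command

PATTERN = r"^foo\+(\d+)"   # regex from the router in the message
ALLOWED = ["15551234"]     # constructed trusted list of SMS numbers

def build(local_part, detaint_by_lookup):
    # The local part comes from the message, so it starts out tainted.
    number = sg(Tainted(local_part), PATTERN, r"\1")
    if detaint_by_lookup:
        number = lookup(number, ALLOWED)
        if number is None:
            raise LookupError("number not in trusted list")
    return pipe_command(concat("SMS_CMD -c ", number))
```

In this model the constructed local part `foo+15551234-extra` comes out of the substitution as `15551234-extra`, because the pattern has no end anchor and only the matched prefix is replaced; the lookup rejects it, the substitution alone does not.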