Re: [exim] de-tainting

Top Pagina
Delete this message
Reply to this message
Auteur: Kurt Jaeger
Datum:  
Aan: exim-users
Onderwerp: Re: [exim] de-tainting
Hi!

> That fact that string sub-sitution and matching parts don't even work
> now is a real problem...
>
> data = ${expand:"|/command -c ${if match
> {$local_part}{.*foo[\-\+]([a-z0-9]+).*}{$1}{}}"}


One thing I'll test is if we hand values over to perl, maybe
we'll get back untainted value...

Or did me beat someone to that already ? 8-}

-- 
pi@???            +49 171 3101372                    Now what ?