On 6/29/20 12:18 PM, Kurt Jaeger via Exim-users wrote:
> One thing I'll test is if we hand values over to perl, maybe
> we'll get back untainted value...
>
> Or did me beat someone to that already ? 8-}
I did not test that, I would imagine that should work because how would
it really know what return values you are sending back.
I know that using sg{} or {if match {} {} {}} does not work, string
expansion fails...
Even this fails...
${if match {$local_part}{.*sms[\-\+]([a-z0-9]+).*}{$1}{}}
With expansion failure due to tainted... I'm clearly just pulling how
known safe data, so it should be considered de-tainted....
There is literally no difference vs doing some fake lookup...
--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP:
https://pgp.inoc.net/rblayzor/