https://bugs.exim.org/show_bug.cgi?id=2623
Jeremy Harris <jgh146exb@???> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |ALREADY_FIXED
--- Comment #2 from Jeremy Harris <jgh146exb@???> ---
No, it only fails when you specify the DB file with the lookup SQL, and there
is a tainted variable involved (anywhere in the whole string).
What's happened is that the word "select" has been taken as the filename for
the DB, overriding the sqlite_dbfile setting. To avoid this, reword the list
entry as a string-expansion lookup:
sqlite_dbfile = /some/thing/sqlitedb
domainlist relay_to_domains = ${lookup sqlite \
{select '*' from relays where ip='$sender_host_address'}}
The coding in that area has already been changed, since 4.94, to require a
leading slash in specifying a filename. Without that change, the example as
given is unusable.
If you're building from source, you need at least commit 4a7dca5235.
Closing as already dealt with.
--
You are receiving this mail because:
You are on the CC list for the bug.
