Re: [exim] 4.94 - taint - generic workaround

Góra strony
Delete this message
Reply to this message
Autor: Evgeniy Berdnikov
Data:  
Dla: exim-users
Temat: Re: [exim] 4.94 - taint - generic workaround
On Sun, Jul 19, 2020 at 08:28:34PM +0200, Marcin Gryszkalis via Exim-users wrote:
> select regexp_replace('${quote_mysql:$authenticated_id}',
> '[^A-Za-z0-9_.-]', '') }}/${tod_logfile}
>
> I know I could just use
>     file = /archive/from-${lookup mysql {
> select '${quote_mysql:$authenticated_id}'}}/${tod_logfile}
> but I wanted example which matches proposed "detaint" function.


Try:

 ${lookup {string} nwildlsearch,ret=key {/run/detaint}\
       {expr-if-matched}{expr-if-fail}}


where /run/detaint is file with character filter, in your case it may be
a single string with regex ^[\w\.\-]$ or

^[A-Za-z0-9_\.\-]+$

PS. In Linux /run is memory-mapped fs, so hard disk is never touched.
--
Eugene Berdnikov