Re: [exim] Does exim4's `${sqlite_quote ... }` expansion de-…

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M\MAndrew C Aitchison at <-
MMMNick at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: Nick, Nick via Exim-users, exim-users
Subject: Re: [exim] Does exim4's `${sqlite_quote ... }` expansion de-taint the expanded value?
On 19 August 2022 17:04:22 BST, Nick via Exim-users <exim-users@???> wrote:
>Hello Exim users,
>
>I've a problem with Sqlite lookups and tainting.

>> My suspicion therefore is that it's actually the presence of
>> |$local_part| in the query which is the problem, and not the
>filename

>Is anyone here able to help with this question?


See the preferred syntax at

http://exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html#SECTsqlite

The older syntax was unsuitable
for distinguishing the taint status of
the filename and the query string.

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Does exim4's `${sqlite_quote ... }` expansion de-taint the expanded value?Re: [exim] Tainted arg 2 for mailman_transport transport command->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)