Re: [exim] Tainted search query is not properly quoted

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Odhiambo Washington
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Tainted search query is not properly quoted
On Sun, Mar 19, 2023 at 2:31 PM Jeremy Harris via Exim-users <
exim-users@???> wrote:

> On 19/03/2023 10:58, Odhiambo Washington via Exim-users wrote:
> >   warn  condition                = ${if eq {$acl_m_greyexpiry}{} {1}}
> >          set acl_m_dontcare = ${lookup sqlite {INSERT INTO greylist \
> >                                            VALUES ( '$acl_m_greyident', \

> >
> > '${eval10:$tod_epoch+300}', \
> >
> > '${quote_sqlite:$sender_host_address}', \
> >
> > '${quote_sqlite:$sender_helo_name}' );}}
> >
> >
> > It's not obvious to me what I haven't quoted properly.
>
> The only obvious element is your $acl_m_greyindent, since $tod_epoch
> shouldn't be derived from wire information. The debug "expand" channel
> would show you for definite.
>


That comes from this:

# Generate a hashed 'identity' for the mail, as described above.
warn set acl_m_greyident =
${hash{20}{62}{$sender_address$recipients$h_message-id:}}

What mod do I need to make on it?

Thanks

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)