Docs: add note on non-functionality of "exists" for de-tainting

author Jeremy Harris <jgh146exb@wizmail.org>

Sun, 12 Jul 2020 12:36:10 +0000 (13:36 +0100)

committer Jeremy Harris <jgh146exb@wizmail.org>

Sun, 12 Jul 2020 12:36:10 +0000 (13:36 +0100)
author Jeremy Harris <jgh146exb@wizmail.org>
Sun, 12 Jul 2020 12:36:10 +0000 (13:36 +0100)
committer Jeremy Harris <jgh146exb@wizmail.org>
Sun, 12 Jul 2020 12:36:10 +0000 (13:36 +0100)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt

index 0ffc88c586de290ca44112325baa7b62a6e02a64..d981f623019a4c2fa7f7610ca392232a810365e1 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -11656,6 +11656,11 @@ condition is true if the named file (or directory) exists. The existence test
  is done by calling the &[stat()]& function. The use of the &%exists%& test in
  users' filter files may be locked out by the system administrator.
  
+.new
+&*Note:*& Testing a path using this condition is not a sufficient way of
+de-tainting it.
+.wen
+
  .vitem &*first_delivery*&
  .cindex "delivery" "first"
  .cindex "first delivery"
author	Jeremy Harris <jgh146exb@wizmail.org>
	Sun, 12 Jul 2020 12:36:10 +0000 (13:36 +0100)
committer	Jeremy Harris <jgh146exb@wizmail.org>
	Sun, 12 Jul 2020 12:36:10 +0000 (13:36 +0100)