Docs: another note on quoting data for lookups

author Jeremy Harris <jgh146exb@wizmail.org>

Fri, 21 Jul 2023 09:35:19 +0000 (10:35 +0100)

committer Jeremy Harris <jgh146exb@wizmail.org>

Fri, 21 Jul 2023 09:42:52 +0000 (10:42 +0100)
author Jeremy Harris <jgh146exb@wizmail.org>
Fri, 21 Jul 2023 09:35:19 +0000 (10:35 +0100)
committer Jeremy Harris <jgh146exb@wizmail.org>
Fri, 21 Jul 2023 09:42:52 +0000 (10:42 +0100)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt

index 9eb0b6b564eb3be5fe396b880b4be4453114dc54..7a28d81071a00fbc5d8a6f5b111904ff80356900 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -7378,10 +7378,15 @@ of the following form is provided:
  .code
  ${quote_<lookup-type>:<string>}
  .endd
-For example, the safest way to write the NIS+ query is
+For example, the way to write the NIS+ query is
  .code
  [name="${quote_nisplus:$local_part}"]
  .endd
+.cindex "tainted data" "in lookups"
+.new
+&*All*& tainted data used in a quoery-style lookup must be quoted
+using a mechanism appropriate for the lookup type.
+.wen
  See chapter &<<CHAPexpand>>& for full coverage of string expansions. The quote
  operator can be used for all lookup types, but has no effect for single-key
  lookups, since no quoting is ever needed in their key strings.
author	Jeremy Harris <jgh146exb@wizmail.org>
	Fri, 21 Jul 2023 09:35:19 +0000 (10:35 +0100)
committer	Jeremy Harris <jgh146exb@wizmail.org>
	Fri, 21 Jul 2023 09:42:52 +0000 (10:42 +0100)