The word &"set"& at the start of a line, followed by a single space,
is recognised specially as defining a value for a variable.
+.new
+.cindex "tainted data" "expansion testing"
+If the sequence &",t"& is inserted before the space,
+the value is marked as tainted.
+.wen
The syntax is otherwise the same as the ACL modifier &"set ="&.
.cmdopt -bem <&'filename'&>
4. The recipients_max main option is now expanded.
+ 5. Setting variables for "exim -be" can set a tainted value.
+
Version 4.97
------------
static BOOL
acl_data_to_cond(const uschar * s, acl_condition_block * cond,
- const uschar * name, uschar ** error)
+ const uschar * name, BOOL taint, uschar ** error)
{
if (*s++ != '=')
{
return FALSE;;
}
Uskip_whitespace(&s);
-cond->arg = string_copy(s);
+cond->arg = taint ? string_copy_taint(s, GET_TAINTED) : string_copy(s);
return TRUE;
}
"endpass" has no data */
if (c != ACLC_ENDPASS)
- if (!acl_data_to_cond(s, cond, name, error)) return NULL;
+ if (!acl_data_to_cond(s, cond, name, FALSE, error)) return NULL;
}
return yield;
uschar *
-acl_standalone_setvar(const uschar * s)
+acl_standalone_setvar(const uschar * s, BOOL taint)
{
acl_condition_block * cond = store_get(sizeof(acl_condition_block), GET_UNTAINTED);
uschar * errstr = NULL, * log_msg = NULL;
cond->next = NULL;
cond->type = ACLC_SET;
if (!acl_varname_to_cond(&s, cond, &errstr)) return errstr;
-if (!acl_data_to_cond(s, cond, US"'-be'", &errstr)) return errstr;
+if (!acl_data_to_cond(s, cond, US"'-be'", taint, &errstr)) return errstr;
if (acl_check_condition(ACL_WARN, cond, ACL_WHERE_UNKNOWN,
NULL, 0, &endpass_seen, &errstr, &log_msg, &e) != OK)
if (macro_read_assignment(big_buffer))
printf("Defined macro '%s'\n", mlast->name);
}
+else if (Ustrncmp(big_buffer, "set,t ", 6) == 0)
+ printf("%s\n", acl_standalone_setvar(big_buffer+6, TRUE));
else if (Ustrncmp(big_buffer, "set ", 4) == 0)
- printf("%s\n", acl_standalone_setvar(big_buffer+4));
+ printf("%s\n", acl_standalone_setvar(big_buffer+4, FALSE));
else
if ((s = expand_string(big_buffer))) printf("%s\n", CS s);
else printf("Failed: %s\n", expand_string_message);
extern int acl_check(int, const uschar *, uschar *, uschar **, uschar **);
extern uschar *acl_current_verb(void);
extern int acl_eval(int, uschar *, uschar **, uschar **);
-extern uschar *acl_standalone_setvar(const uschar *);
+extern uschar *acl_standalone_setvar(const uschar *, BOOL);
extern tree_node *acl_var_create(uschar *);
extern void acl_var_write(uschar *, uschar *, void *);
git://git.exim.org / exim.git / commitdiff