git://git.exim.org / users / jgh / exim.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
appendfile: taint-enforce file & directory options
[users/jgh/exim.git] / src / src / expand.c
diff --git a/src/src/expand.c b/src/src/expand.c
index cec6efd54ba2e879062c0bf0e7f369a8179657b4..fe5384ab8f09fc2ecfdf2dedea26ab7825b4691e 100644 (file)
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -213,6 +213,7 @@ static uschar *op_table_main[] = {
   US"base62d",
   US"base64",
   US"base64d",
+  US"bless",
   US"domain",
   US"escape",
   US"escape8bit",
@@ -260,6 +261,7 @@ enum {
   EOP_BASE62D,
   EOP_BASE64,
   EOP_BASE64D,
+  EOP_BLESS,
   EOP_DOMAIN,
   EOP_ESCAPE,
   EOP_ESCAPE8BIT,
@@ -7059,6 +7061,20 @@ while (*s != 0)
         continue;
         }
 
+      case EOP_BLESS:
+       /* This is purely for the convenience of the test harness.  Do not enable
+       it otherwise as it defeats the taint-checking security. */
+
+       if (f.running_in_test_harness)
+         yield = string_cat(yield, is_tainted(sub)
+                                   ? string_copy_taint(sub, FALSE) : sub);
+       else
+         {
+         DEBUG(D_expand) debug_printf_indent("bless operator not supported\n");
+         yield = string_cat(yield, sub);
+         }
+       continue;
+
       case EOP_EXPAND:
         {
         uschar *expanded = expand_string_internal(sub, FALSE, NULL, skipping, TRUE, &resetok);
Jeremy Harris' staging directory