From 040494b780a1f6db9f7dba0058c29e975241c1b0 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Sun, 12 Jul 2020 13:36:10 +0100
Subject: [PATCH] Docs: add note on non-functionality of "exists" for de-tainting
---
 doc/doc-docbook/spec.xfpt | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 0ffc88c58..d981f6230 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -11656,6 +11656,11 @@ condition is true if the named file (or directory) exists. The existence test is done by calling the &[stat()]& function. The use of the &%exists%& test in users' filter files may be locked out by the system administrator.
+.new
+&*Note:*& Testing a path using this condition is not a sufficient way of
+de-tainting it.
+.wen
+
 .vitem &*first_delivery*&
 .cindex "delivery" "first"
 .cindex "first delivery"
-- 
2.30.2