You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2009/08/06 21:20:04 UTC
[Bug 5958] URIDetail plugin not taint safe
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5958
Mark Martinec <Ma...@ijs.si> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|Undefined |3.3.0
--- Comment #1 from Mark Martinec <Ma...@ijs.si> 2009-08-06 12:20:02 PST ---
There should probably be some explicit untainting done in the
pluging by calling untaint_var, as rules data is now kept in
its tainted form. I wonder why we haven't come across this
more often - is this code section used at all in regular usage?
Attaching the proposed test will simplify resolution...
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.