You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2009/08/06 21:20:04 UTC

[Bug 5958] URIDetail plugin not taint safe

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5958


Mark Martinec <Ma...@ijs.si> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|Undefined                   |3.3.0




--- Comment #1 from Mark Martinec <Ma...@ijs.si>  2009-08-06 12:20:02 PST ---
There should probably be some explicit untainting done in the
pluging by calling untaint_var, as rules data is now kept in
its tainted form. I wonder why we haven't come across this
more often - is this code section used at all in regular usage?

Attaching the proposed test will simplify resolution...

-- 
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.