Posted to dev@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2004/04/20 20:21:47 UTC

Re: check_message_text(messageA) and quotes in messageA

Joe Flowers writes:
> Hello All! Please help me with this nagging problem....
> 
> sprintf(messageAforSA, "my $status = $spamobj->check_message_text(\"%s\");",
> messageA);
> 
> If messageA has ANY quotation marks (") in it then, SpamAssassin will puke
> up and say that
> "Can't call method "Mail::SpamAssassin::PerMsgStatus::get_required_hits" on
> an undefined value."

Any way you can pass in an SV instead of interpolating it into an
eval'd piece of code like that? That's kludgy, to be honest,
and could open you up to security nastiness.

I'd suggest doing it the right way -- creating an SV with newSVpvx()
or similar.  See perldoc perlapi, perlguts for more details...

--j.

> To get around this problem, I have replaced every " in messageA with ',
> before sending it to check_message_text().
> However, this cannot be optimal, as this would surely skew the test results
> that the SpamAssassin developers have worked so hard to make right.
> 
> Any ideas how to escape the " marks properly? I'm skeptical that \" is the
> way to go here and besides it seems sub-optimal to have to replace every
> single " char in messageA with two chars (\").
> 
> As a possible alternative, how can I create a correct object from messageA
> to feed to $spamobj->check() instead of $spamobj->check_message_text()?
> 
> Thanks!
> 
> Joe
> 
> P.S. More details:
> 
> SuSE Linux 9
> SpamAssassin 2.63
> perl -v: v5.8.1 built for i586-linux-thread-multi
> uname -a: Linux spamtest 2.4.21-202-smp4G #1 SMP Fri Apr 2 21:32:50 UTC 2004
> i686 i686 i386 GNU/Linux
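
Added example, not part of either post: a Perl-only illustration of why the eval'd string fails on a quote, and of what changes when the message is passed as a value, which is what handing over an SV from C achieves. StubScanner, the sub names and both sample messages are constructed for illustration; only check_message_text comes from the thread.

```perl
use strict;
use warnings;

# Hypothetical stand-in for Mail::SpamAssassin so this runs offline;
# only the method name check_message_text comes from the thread.
package StubScanner;
sub new { return bless {}, shift }
sub check_message_text {
    my ($self, $text) = @_;
    return +{ bytes => length $text };    # stands in for a PerMsgStatus
}

package main;

our $ran_as_code = 0;    # set only if message text is executed as Perl

# Pattern from the thread: message bytes pasted into Perl source, then eval'd.
sub check_by_eval {
    my ($spamobj, $msg) = @_;
    my $code = 'my $status = $spamobj->check_message_text("' . $msg . '"); $status';
    my $result = eval $code;    # the message is parsed as Perl here
    return ($result, $@);
}

# Message handed over as a value: it is never parsed as Perl.
sub check_by_value {
    my ($spamobj, $msg) = @_;
    return $spamobj->check_message_text($msg);
}

my $spamobj = StubScanner->new;

# Constructed sample messages.
my @samples = (
    [ quoted   => qq{She said "buy now" today.\n} ],
    [ breakout => q{hi"); $main::ran_as_code = 1; my $tail = ("} ],
);

for my $sample (@samples) {
    my ($name, $msg) = @$sample;
    $ran_as_code = 0;
    my ($result, $err) = check_by_eval($spamobj, $msg);
    printf "%-8s eval:  scanned=%s of %d bytes, ran_as_code=%d, error=%s\n",
        $name, defined $result ? $result->{bytes} : 'undef', length $msg,
        $ran_as_code, (split /\n/, $err)[0] // 'none';
    my $by_value = check_by_value($spamobj, $msg);
    printf "%-8s value: scanned=%d of %d bytes, ran_as_code=%d\n",
        $name, $by_value->{bytes}, length $msg, $ran_as_code;
}
```

With the first sample the eval fails to compile and the status stays undefined, which is consistent with the "Can't call method ... on an undefined value" error in the original report; with the second, part of the message runs as code and only the leading bytes are scanned.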


Re: check_message_text(messageA) and quotes in messageA

Posted by Joe Flowers <fl...@social.chass.ncsu.edu>.
Thanks for the pointer Justin!!!! I'll get on it.
Thanks!!!!

Joe
