Jim, > > - substr($d,0,1), ' ', > > + untaint(substr($d,0,1)), ' ', > no, the same errors. :(
Hm, I don't see how that is possible (even without a patch). What version of modules DBI and DBD::mysql ? I'm assuming this is with MySQL. I also expect that your predefined %sql_clause is not modified in amavisd.conf. Anyone else with SQL enabled seing this? I can reproduce the failure (Insecure dependency in parameter 3) if I intentionally taint $d, but even that goes away when filtered through untaint(). Mark ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
