https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7065
--- Comment #1 from Mark Martinec <[email protected]> --- > - dbg("bayes: DB journal sync: last sync: ".$vars[7],'bayes','-1'); > + dbg("bayes: DB journal sync: last sync: ".$vars[7]); That's still not the right way to do it. The (tainted) $vars[7] is treated as part of a sprintf format string, which is unsafe and is the reason for the original failure. Instead, it should be an argument to a %s: - dbg("bayes: DB journal sync: last sync: ".$vars[7],'bayes','-1'); + dbg("bayes: DB journal sync: last sync: %s", $vars[7]); Not sure what was the purpose of 'bayes','-1' arguments. Looks like some leftover. -- You are receiving this mail because: You are the assignee for the bug.
