https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7065
John Hardin <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #3 from John Hardin <[email protected]> ---
(In reply to Mark Martinec from comment #1)
> > - dbg("bayes: DB journal sync: last sync: ".$vars[7],'bayes','-1');
> > + dbg("bayes: DB journal sync: last sync: ".$vars[7]);
>
> That's still not the right way to do it.

I didn't suggest that it was a complete or correct solution to the underlying
problem, only that it might make SA stop blowing up in a way that killed
Bayes... :)

> The (tainted) $vars[7] is treated
> as part of a sprintf format string, which is unsafe and is the reason
> for the original failure.

Right.

> Instead, it should be an argument to a %s:
>
> - dbg("bayes: DB journal sync: last sync: ".$vars[7],'bayes','-1');
> + dbg("bayes: DB journal sync: last sync: %s", $vars[7]);

As $vars[7] is a number, I was also thinking of something like
$vars[7] =~ /\d+/ just before that dbg() call to untaint it, but your
proposal is probably better and simpler overall. +1.

> Not sure what was the purpose of 'bayes','-1' arguments.
> Looks like some leftover.

Agreed, that's why I suggested removing them as a q'n'd fix.
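Review bot: the second quoted hunk is the one to take; with `dbg("bayes: DB journal sync: last sync: %s", $vars[7])` the tainted value becomes a sprintf argument and is never interpreted as part of the format. The first hunk's `+` line, `dbg("bayes: DB journal sync: last sync: ".$vars[7])`, still concatenates the tainted value into the first argument, the string the reply says is treated as a sprintf format string, so it drops the leftover `'bayes','-1'` arguments without removing the cause. On the `$vars[7] =~ /\d+/` idea: a bare match in void context does not untaint anything in Perl; the usual idiom captures the digits and assigns the capture, e.g. `($vars[7]) = $vars[7] =~ /^(\d+)$/`, which is worth doing where the value is read from the DB regardless of the logging change.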

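The failure mode discussed in this comment, as an added example that is not SpamAssassin's code and not part of the bug thread: a hypothetical `dbg()` that hands its first argument to `sprintf()` whenever extra arguments are present, called first in the shape of the original line (value concatenated into the format, leftover arguments) and then with the value passed through `%s`. The `untaint_int` helper and the sample "last sync" values are constructed for the example; the helper goes one step beyond the thread by showing the capture-based untaint idiom John's `/\d+/` remark points at.

```perl
#!/usr/bin/perl
# Added example, not SpamAssassin's own code. Models a printf-style dbg()
# that treats its first argument as a sprintf() format whenever extra
# arguments are supplied, which is the condition the bug thread describes.
use strict;
use warnings;

# Hypothetical logger standing in for SpamAssassin's dbg(). It returns the
# formatted message so the behaviour can be inspected.
sub dbg {
    my ($fmt, @args) = @_;
    my $msg = @args ? sprintf($fmt, @args) : $fmt;
    print "dbg: $msg\n";
    return $msg;
}

# Constructed samples of the "last sync" field as it might come back from
# the Bayes DB: normally a Unix timestamp, but the second one carries stray
# text with a percent sign to show what happens when it reaches sprintf().
my $last_sync_ok  = '1393011305';
my $last_sync_bad = '1393011305 %s';

# Shape of the original line: the value is glued into the format string and
# the leftover arguments make dbg() call sprintf() on it. The %s inside the
# data consumes the 'bayes' argument and the '-1' is simply ignored.
# Under perl -T the same call dies with "Insecure dependency in sprintf"
# because the format string is tainted; that is the crash from the bug.
{
    no warnings;   # perl 5.22+ warns about the unused '-1' argument
    my $m = dbg("bayes: DB journal sync: last sync: " . $last_sync_bad, 'bayes', '-1');
    # $m is "bayes: DB journal sync: last sync: 1393011305 bayes"
}

# Fix proposed in the thread: the value is an argument to a %s placeholder,
# so sprintf() copies it verbatim whatever it contains, and a tainted
# argument (as opposed to a tainted format) is not an "insecure dependency".
my $m2 = dbg("bayes: DB journal sync: last sync: %s", $last_sync_bad);
# $m2 is "bayes: DB journal sync: last sync: 1393011305 %s"

# Hypothetical helper, beyond what the thread does: validate the field as a
# non-negative integer where it is read. Returning the capture is the idiom
# that untaints a value under perl -T; a bare /\d+/ test in void context
# does not untaint, and would also accept '1393011305 %s'.
sub untaint_int {
    my ($v) = @_;
    return undef unless defined $v;
    return $v =~ /\A(\d+)\z/ ? $1 : undef;
}

for my $v ($last_sync_ok, $last_sync_bad) {
    my $n = untaint_int($v);
    dbg("bayes: last sync field '%s': %s", $v, defined $n ? "accepted ($n)" : "rejected");
}
```

Running it under `perl` prints the corrupted message for the original call shape, the intact one for the `%s` form, and then accepts only the purely numeric sample; running it under `perl -T` with the values read from an untrusted source (a file or the environment) turns the first call into the `Insecure dependency in sprintf` failure the bug is about, while the `%s` form and the `untaint_int` path keep working.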