https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7782

Henrik Krohns <apa...@hege.li> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
                 CC|                            |apa...@hege.li
             Status|NEW                         |RESOLVED

--- Comment #1 from Henrik Krohns <apa...@hege.li> ---
Perl taint check does not have AI to decide whether someone can actually abuse
a string (wouldn't that be nice?). Its job is to simply complain if input used
in system functions is not validated.

use Mail::SpamAssassin::Util qw(untaint_var);
...
$socket = untaint_var($socket);

Of course additionally one should check if the socket even exists, what's the
point of passing garbage around to third party code. That's the validating
part.

Not SA maintained module so closing as invalid.

-- 
You are receiving this mail because:
You are the assignee for the bug.
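
The validate-then-untaint step the comment describes, as an added example (not code from the bug report or from SpamAssassin). It uses core Perl's regex-capture untainting instead of untaint_var so it runs without SpamAssassin installed; the helper name validated_socket_path and the allowed character set are assumptions.

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper: validate a UNIX socket path, then untaint it.
# Returns the untainted path, or nothing if validation fails.
sub validated_socket_path {
    my ($path) = @_;
    return unless defined $path && length $path;

    # Accept only an absolute path built from a conservative character set
    # (assumed policy). A successful regex capture is what clears the taint
    # flag, so the pattern itself has to be the validation.
    my ($clean) = $path =~ m{\A(/[A-Za-z0-9_.\-/]+)\z}
        or return;

    # Reject parent-directory components such as /var/run/../etc.
    return if $clean =~ m{(?:\A|/)\.\.(?:/|\z)};

    # The "validating part" from the comment: the path must exist
    # and must actually be a socket before it is handed to other code.
    return unless -S $clean;

    return $clean;
}

# Run as: perl -T thisfile.pl /path/to/some.sock
# Under -T every command-line argument is tainted. The two literal
# strings below are constructed sample inputs that must be rejected.
for my $arg (@ARGV, '/var/run/../etc/passwd', 'relative.sock') {
    my $sock = validated_socket_path($arg);
    printf "%-28s tainted_in=%d => %s\n",
        $arg,
        tainted($arg) ? 1 : 0,
        defined $sock
            ? "ok: $sock (tainted_out=" . (tainted($sock) ? 1 : 0) . ")"
            : 'rejected';
}
```

The -S test is a point-in-time check: the path can change between validation and use, so the consumer still has to handle a failed connect.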
