On Wed, 17 Jun 2020, admin--- via Exim-dev wrote:
https://bugs.exim.org/show_bug.cgi?id=2601
--- Comment #2 from [email protected] ---
Yes, but why do we trust message body then? Like:
if $message_body matches "...."
then
seen finish
endif
The thing I don't get - why is $message_body safer than $sender_address_domain
?
As I understand it, the result of "matches" is untainted,
since the answer is effectively a boolean.
Your system filter line
if $sender_address_domain: is
is not a complete statement.
"is" comes between two arguments and its result is also untainted.
--
Andrew C. Aitchison Kendal, UK
[email protected]
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim
details at http://www.exim.org/ ##
