> > Perhaps quote_ldap should return an untainted string? > > No, it does no real checking so would just be > an easy thing to abuse.
How would you do that? After all, originally it was introduced to prevent just that, so people need to know. Or are you talking about using quote_ldap outside the scope of ldap queries? Michael -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
