Thanks for the pointer Justin!!!! I'll get on it.
Thanks!!!!
Joe
----- Original Message -----
From: "Justin Mason" <[EMAIL PROTECTED]>
To: "Joe Flowers" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, April 20, 2004 2:21 PM
Subject: Re: check_message_text(messageA) and quotes in messageA
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Joe Flowers writes:
> > Hello All! Please help me with this nagging problem....
> >
> > sprintf(messageAforSA, "my $status =
$spamobj->check_message_text(\"%s\");",
> > messageA);
> >
> > If messageA has ANY quotation marks (") in it then, SpamAssassin will
puke
> > up and say that
> > "Can't call method "Mail::SpamAssassin::PerMsgStatus::get_required_hits"
on
> > an undefined value."
>
> Any way you can pass in an SV instead of interpolating it into an
> eval'd piece of code like that? That's kludgy, to be honest,
> and could open you up to security nastiness.
>
> I'd suggest doing it the right way -- creating an SV with newSVpvx()
> or similar. See perldoc perlapi, perlguts for more details...
>
> - --j.
>
> > To get around this problem, I have replaced every " in messageA with ',
> > before sending it to check_message_text().
> > However, this cannot be optimal, as this would surely skew the test
results
> > that the SpamAssassin developers have worked so hard to make right.
> >
> > Any ideas how to escape the " marks properly? I'm skeptical that \" is
the
> > way to go here and besides it seems sub-optimal to have to replace every
> > single " char in messageA with two chars (\").
> >
> > As a possible alternative, how can I create a correct object from
messageA
> > to feed to $spamobj->check() instead of $spamobj->check_message_text()?
> >
> > Thanks!
> >
> > Joe
> >
> > P.S. More details:
> >
> > SuSE Linux 9
> > SpamAssassin 2.63
> > perl -v: v5.8.1 built for i586-linux-thread-multi
> > uname -a: Linux spamtest 2.4.21-202-smp4G #1 SMP Fri Apr 2 21:32:50 UTC
2004
> > i686 i686 i386 GNU/Linux
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
> Comment: Exmh CVS
>
> iD8DBQFAhWo6QTcbUG5Y7woRAr2cAJkBfSsoVzr4geIlt8KAvrwXyULsbQCeNgt2
> bQ6ydsYQ+AcoTlIyvdw4Qv4=
> =uAIo
> -----END PGP SIGNATURE-----
>
>
>
