On 24-sep-2006, at 3:05, Aaron Stone wrote:

On Sat, Sep 23, 2006, Paul J Stevens <[EMAIL PROTECTED]> said:

Leander Koornneef wrote:
Hi all,

I think I've discovered a bug in the forward.c code. I've only reproduced it on a dbmail 1.2 system, but the bug may very well be present in the 2.x code.

This was fixed some time ago already. Variables used in constructing the
forwarding commands are passed through address parsing and
shell-escaping filters.

It's fixed in trunk in pipe.c (forward.c no longer exists) but is still an issue in 2.0. So Leander's right that we should fix pipe.c and forward.c
(locations of the popen calls) in dbmail_2_0_branch.

I've just committed a patch to the 2.0 branch containing a backport of the
dm_shellesc function from trunk to take care of escaping in forward.c

I now see that we've forgotten to patch the popen calls in pipe.c; will do...

Leander
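
The thread describes shell-escaping variables before they reach the `popen` calls. The following is an added example, not code from the thread and not dbmail's `dm_shellesc`: the names `shell_quote` and `roundtrip_ok` are hypothetical, and `printf %s` stands in for the forwarding command so the quoting can be checked against a real `/bin/sh`.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not dbmail's dm_shellesc): wrap `in` in single quotes
 * for /bin/sh, rewriting each embedded ' as '\'' . Returns 0, or -1 when
 * `out` is too small, so a truncated command is never built. */
int shell_quote(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen < 3) return -1;                  /* room for '' and NUL */
    out[o++] = '\'';
    for (; *in; in++) {
        size_t need = (*in == '\'') ? 4 : 1;
        if (o + need + 2 > outlen) return -1;   /* + closing quote + NUL */
        if (*in == '\'') { memcpy(out + o, "'\\''", 4); o += 4; }
        else out[o++] = *in;
    }
    out[o++] = '\'';
    out[o] = '\0';
    return 0;
}

/* Pass `addr` as one quoted argument to `printf %s` through popen() and check
 * that the shell hands back the same bytes (1 intact, 0 altered, -1 error). */
int roundtrip_ok(const char *addr)
{
    char quoted[512], cmd[600], got[512];
    size_t n;
    FILE *p;
    if (shell_quote(addr, quoted, sizeof quoted) != 0) return -1;
    if (snprintf(cmd, sizeof cmd, "printf %%s %s", quoted) >= (int)sizeof cmd)
        return -1;
    if ((p = popen(cmd, "r")) == NULL) return -1;
    n = fread(got, 1, sizeof got - 1, p);
    got[n] = '\0';
    if (pclose(p) != 0) return -1;
    return strcmp(got, addr) == 0;
}

int main(void)
{
    /* Constructed sample recipients, not taken from the thread. */
    const char *samples[] = { "user@example.com", "o'brien@example.com",
                              "x@example.com; echo injected $(echo hi)" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%s -> roundtrip %d\n", samples[i], roundtrip_ok(samples[i]));
    return 0;
}
```

Quoting only neutralises shell metacharacters; an address that begins with `-` can still be read as an option by the invoked program, which is why the thread also mentions address parsing.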
