On 2020-07-18 Eduardo M KALINOWSKI via Exim-users <exim-users@exim.org> wrote: > On 18/07/2020 02:22, Andreas Metzler via Exim-users wrote: [...] > > Exim specification, concept index, de-tainting.
> Except that there isn't such a section. > There's "tainted data" and inside it "de-tainting". Easily found by word > search, but not by manual search under "D". Hello, I had doublechecked that what I refered to does exist before I sent my response. ametzler@argenau:~$ w3m -dump 'https://www.exim.org/exim-html-current/doc/html/spec_html/ch-concept_index.html' | grep -A6 de-tainting de-tainting File and database lookups [Examples of different lookup syntax], File and database lookups [Lookup types], Domain, host, address, and local part lists [Domain lists], Domain, host, address, and local part lists [Domain lists], Domain, host, address, and local part lists [Domain lists] [...] > From what I can remember, even the Release notes had only brief mentions > of this new feature, which is a major breaking change. There is a pretty fat note in README.UPDATING: Exim version 4.94 ----------------- | Some Transports now refuse to use tainted data in constructing their | delivery location; this WILL BREAK configurations which are not updated | accordingly. In particular: any Transport use of $local_part which has | been relying upon check_local_user far away in the Router to make it | safe, should be updated to replace $local_part with $local_part_data. > I appreciate the > effort the development team has put in Exim over the years, and I know > that writing documentation is hard and time-consuming. But this needed > to be better documented from the start. While I agree this is true documention grows with the code, IMHO best practises are still emerging and we might still see a big hammer like quote-maximum-lenght-no-evil-characters-including-directory-separators cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/