On 28/01/2021 03:20, Adam via Exim-users wrote:
> There's an issue here with $local_part. Isn't it detainted by the use of local_parts to only run this if $local_part was found in the file?
No. The "lookup" (in a general sense including, relevant here, a search in a list that happens to be one element that indirects to a file) done by the "localparts=" option sets a variable called "local_part_data" with an untainted value. The variable "local_part" is unchanged, carrying tainted data.
> $local_part_data is blank.
At what point in the flow did you check this?
-- 
Cheers,
  Jeremy
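The distinction drawn in the reply above, as an added configuration fragment that is not part of the original thread: a router whose local_parts option does a file lookup, with a transport that expands the tainted $local_part shown (commented out) beside one that uses the untainted $local_part_data. The file path, router and transport names, and the user setting are assumptions made for illustration.

```exim
# Constructed example. /etc/exim/localusers is a hypothetical lsearch file
# with one "key: data" pair per line, for instance:
#   adam:   adam
#   jeremy: jeremy
# The data part is what ends up in $local_part_data. A line that holds
# only a key gives an empty string as its data.

begin routers

local_user:
  driver = accept
  # The router runs only when $local_part is found as a key in the file.
  # On a match, $local_part_data is set to the data read from the file,
  # which is untainted. $local_part itself is left as it was: tainted,
  # because it came from the remote sender.
  local_parts = lsearch;/etc/exim/localusers
  transport = maildir_delivery

begin transports

# Weak form, kept here only for comparison. The directory is built from
# $local_part, which is still tainted, so taint checking refuses it.
# maildir_tainted:
#   driver = appendfile
#   directory = /var/mail/$local_part/Maildir
#   maildir_format
#   user = mail

# Corrected form. $local_part_data carries the lookup result from the
# router that routed the address to this transport.
maildir_delivery:
  driver = appendfile
  directory = /var/mail/$local_part_data/Maildir
  maildir_format
  # Assumption: deliveries run as a dedicated account named "mail".
  user = mail
```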