procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: passing args to external script in .procmailrc

2000-07-21 08:07:25
from [guenther+procmail] [Permanent Link] 
Emil Isberg <emil(_dot_)isberg(_at_)mds(_dot_)mdh(_dot_)se> writes:

 :0
 | /usr/local/bin/script.pl $From $Subject


You forgot to quote the arguments that you're passing to perl, thereby
subjecting them to word breaking and filename expansion.  It's
definitely a bug, and depending on the context, this could be a security
hole.  Always double-quote variables containing untrusted data!

   :0
   | /usr/local/bin/script.pl "$From" "$Subject"


Philip Guenther

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Outlook Exploit Filter?, Dallman Ross
Next by Date:  Re: My Files, Harry Putnam
Previous by Thread:  Re: passing args to external script in .procmailrc, Emil Isberg
Next by Thread:  Re: grabbing the sender, Zhiliang Hu
Indexes:  [Date] [Thread] [Top] [All Lists]