Ralph SOBEK <sobek(_at_)irit(_dot_)fr> writes:
I resurrected an old procmail script of mine, which works in a
different context (recovering new URLs), but seems that it cannot fail
here:
    :0
    *$ LINES ?? ()$From:\/.*${NAME}.*$
    {
      FROM = $MATCH
      :0 A
      *$ ? $GREP -s "'"${FROM}"'" $DIR/${NAME}*
      {
        FOUND = 1
      }
      :0 E
      {
        FOUND
      }
    }
Now, simply this script is called within another, and one of the
possibilities for LINES is the entire "From: " line. In this case, if
the e-mail is from a particular person, whose name comes in as NAME,
then if a GREP finds a previous e-mail with the same From: line in the
files under $DIR/${NAME}*, then FOUND is set to 1, and otherwise it is
unset. Variables are initialized to:
    GREP = "/bin/fgrep"
    DIR = "$HOME/mail/Family"
I assume From=From, given the first condition, no?
Anyway, the real problem is that you're doing variable expansion _twice_
on the command line of the grep command:
    *$ ? $GREP -s "'"${FROM}"'" $DIR/${NAME}*
Conditions using the '?' special always have one level of variable
expansion performed on them before they are executed or passed to the
shell. The '$' causes a round of expansion to take place before that,
fouling up the situation and leading to a security hole. Consider what
would happen if someone sent you a message that hit this whole recipe
that had a ';' in the From: line. Yep, they could run any command as
you. This is a Bad Thing.
The solution is to pull the '$' and then fix the quoting:
    * ? fgrep -s "$FROM" $DIR/${NAME}*
You only needed the single quotes because of the double expansion.
Note that variable expansion takes place before file expansion, so the
'*' will work correctly here.
It is almost always a mistake to use the '?' and '$' specials together.
Philip Guenther
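
The difference between the two forms discussed above, as an added example that is not part of the original post: a plain sh model (not procmail itself) in which the header value is either pasted into the command text before a shell parses it, or left as "$FROM" and expanded once. The names check_double and check_single, the sample mailbox, and the header values are all constructed for illustration.

```sh
#!/bin/sh
# Model of the two recipe forms from the thread; this is plain sh, not procmail.
# Constructed sample data: one stored mail for NAME under a temporary DIR.
DIR=$(mktemp -d) && trap 'rm -rf "$DIR"' EXIT
NAME=alice
printf 'From: Alice <alice@example.org>\n' > "$DIR/$NAME.mbox"

# Form 1 ('$' and '?' together): the header value is pasted into the
# command text first, then a shell parses that text. grep -F stands in
# for fgrep; -q is added so only injected commands can produce output.
check_double() {
    cmd="grep -F -s -q '$1' $DIR/${NAME}*"
    sh -c "$cmd" </dev/null
}

# Form 2 ('?' only): the command text keeps the literal "$FROM"; the value
# arrives through the environment and is expanded once, inside quotes.
check_single() {
    FROM="$1" DIR="$DIR" NAME="$NAME" \
        sh -c 'grep -F -s -q "$FROM" $DIR/${NAME}*' </dev/null
}

# Constructed header values; the marker echo is harmless.
BENIGN='From: Alice <alice@example.org>'
HOSTILE="From: alice'; echo INJECTED; : '"

# Print any output each form produces for each header value.
demo() {
    for v in "$BENIGN" "$HOSTILE"; do
        printf 'double: [%s] ' "$(check_double "$v")"
        printf 'single: [%s]\n' "$(check_single "$v")"
    done
}
demo
```

In the double-expansion form the hostile value also makes the check exit 0, so FOUND would be set for a sender that was never seen before.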