diff options
author | Jeremy Harris <jgh146exb@wizmail.org> | 2022-04-30 19:11:45 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2022-04-30 22:51:38 +0100 |
commit | 509a8839d50d1e688b794975378214cc201a9697 (patch) | |
tree | a9aea90c9d74c4de37053cf856069bf3d8026326 | |
parent | 9bed290e97e67e12c2f56ef06c8f920c0945e432 (diff) |
Docs: index detaint methods
-rw-r--r-- | doc/doc-docbook/spec.xfpt | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index cf658a46d..ef8fc6836 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -1429,6 +1429,7 @@ check an address given in the SMTP EXPN command (see the &%expn%& option). If the &%domains%& option is set, the domain of the address must be in the set of domains that it defines. .cindex "tainted data" "de-tainting" +.cindex "de-tainting" "using router domains option" A match verifies the variable &$domain$& (which carries tainted data) and assigns an untainted value to the &$domain_data$& variable. Such an untainted value is often needed in the transport. @@ -6787,6 +6788,7 @@ file that is searched could contain lines like this: When the lookup succeeds, the result of the expansion is a list of domains (and possibly other types of item that are allowed in domain lists). .cindex "tainted data" "de-tainting" +.cindex "de-tainting" "using a lookup expansion"" The result of the expansion is not tainted. In the second example, the lookup is a single item in a domain list. It causes @@ -6843,12 +6845,12 @@ lookup to succeed. The lookup type determines how the file is searched. The file string may not be tainted. .cindex "tainted data" "de-tainting" +.cindex "de-tainting" "using a single-key lookup" All single-key lookups support the option &"ret=key"&. If this is given and the lookup (either underlying implementation or cached value) returns data, the result is replaced with a non-tainted version of the lookup key. -.cindex "tainted data" "de-tainting" .next .cindex "query-style lookup" "definition of" The &'query-style'& type accepts a generalized database query. No particular @@ -8848,6 +8850,7 @@ or a &%domains%& condition in an ACL statement, the value is preserved in the &$domain_data$& variable and can be referred to in other router options or other statements in the same ACL. .cindex "tainted data" "de-tainting" +.cindex "de-tainting" "using ACL domains condition" The value will be untainted. &*Note*&: If the data result of the lookup (as opposed to the key) @@ -8889,6 +8892,7 @@ whether or not the query succeeds. However, when a lookup is used for the &%domains%& option on a router, the value is preserved in the &$domain_data$& variable and can be referred to in other options. .cindex "tainted data" "de-tainting" +.cindex "de-tainting" "using router domains option" The value will be untainted. .next @@ -11940,6 +11944,7 @@ ${if inlisti{Needle}{fOo:NeeDLE:bAr}} The variable &$value$& will be set for a successful match and can be used in the success clause of an &%if%& expansion item using the condition. .cindex "tainted data" "de-tainting" +.cindex "de-tainting" "using an inlist expansion condition" It will have the same taint status as the list; expansions such as .code ${if inlist {$h_mycode:} {0 : 1 : 42} {$value}} @@ -12149,6 +12154,7 @@ caselessly. The variable &$value$& will be set for a successful match and can be used in the success clause of an &%if%& expansion item using the condition. .cindex "tainted data" "de-tainting" +.cindex "de-tainting" "using a match_local_part expansion condition" It will have the same taint status as the list; expansions such as .code ${if match_local_part {$local_part} {alice : bill : charlotte : dave} {$value}} @@ -19033,6 +19039,7 @@ than trying to read &_/etc/passwd_& directly. This means that other methods of holding password data (such as NIS) are supported. If the local part is a local user, .cindex "tainted data" "de-tainting" +.cindex "de-tainting" "using router check_local_user option" &$local_part_data$& is set to an untainted version of the local part and &$home$& is set from the password data. The latter can be tested in other preconditions that are evaluated after this one (the order of evaluation is @@ -23305,6 +23312,7 @@ The value is used for checking instead of a home directory; checking is done in "belowhome" mode. .cindex "tainted data" "de-tainting" +.cindex "de-tainting" "using appendfile create_file option" If "belowhome" checking is used, the file or directory path becomes de-tainted. |