git.ipfire.org Git - thirdparty/dovecot/core.git/commit
auth: Make sure %{mech} and %{session} is escaped in %var expansion.
author Timo Sirainen <tss@iki.fi>
Fri, 29 May 2015 17:55:58 +0000 (20:55 +0300)
committer Timo Sirainen <tss@iki.fi>
Fri, 29 May 2015 17:55:58 +0000 (20:55 +0300)
commit de2cba085b9b231135be953d7f34f74fefb82725
tree 8b424a4be8e2a89f7e7c3be63f8ee147ad2e041c
parent 4b7957c5e995f2c1820891d77a292a4886d52a43
%{mech} is already very trusted and %{session} should be only from trusted
sources as well, so this doesn't fix any actual security holes. They are
also unlikely to have ever even been used in anything that requires
escaping.
src/auth/auth-request-var-expand.c
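
An added illustration of the hardening the commit message describes, not Dovecot's code: a minimal `%{var}` expander in which values flagged `raw` bypass escaping unless `escape_all` is set, so that no value's safety depends on how much its source is trusted. `struct var`, `put`, `expand`, the `raw` flag, the backslash-escaping rule and the sample values are all assumptions made for this example.

```c
#include <string.h>
/* Hypothetical table entry (raw = inserted unescaped); sample values are constructed. */
struct var { const char *key, *value; int raw; };
static const struct var sample_vars[] = {
    { "user", "o'brien", 0 }, { "mech", "PLAIN", 1 }, { "session", "ab'cd", 1 },
};

/* Append val, backslash-escaping ' and \ unless raw; -1 if it does not fit. */
static int put(char *out, size_t cap, size_t *pos, const char *val, int raw)
{
    for (; *val != '\0'; val++) {
        if (*pos + 3 > cap)
            return -1; /* need room for escape char, char and NUL */
        if (!raw && (*val == '\'' || *val == '\\'))
            out[(*pos)++] = '\\';
        out[(*pos)++] = *val;
    }
    return 0;
}

/* Expand %{key}; escape_all overrides raw. Returns -1 if unknown or no room. */
int expand(const char *tmpl, const struct var *vars, size_t nvars,
           int escape_all, char *out, size_t cap)
{
    size_t pos = 0, i, klen;
    const char *end;

    while (*tmpl != '\0') {
        if (tmpl[0] == '%' && tmpl[1] == '{' &&
            (end = strchr(tmpl + 2, '}')) != NULL) {
            klen = (size_t)(end - tmpl) - 2;
            for (i = 0; i < nvars; i++)
                if (!strncmp(vars[i].key, tmpl + 2, klen) && !vars[i].key[klen])
                    break;
            if (i == nvars || put(out, cap, &pos, vars[i].value,
                                  !escape_all && vars[i].raw) < 0)
                return -1;
            tmpl = end + 1;
        } else if (pos + 2 > cap) {
            return -1;
        } else {
            out[pos++] = *tmpl++;
        }
    }
    if (pos >= cap)
        return -1;
    out[pos] = '\0';
    return 0;
}
```

With `escape_all` set to 0 the constructed `session` value reaches the output with its quote intact; with 1 it is escaped like `user`.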