lib-var-expand: Reset safe state when transfer is unset
authorAki Tuomi <aki.tuomi@open-xchange.com>
Sun, 29 Mar 2026 16:33:45 +0000 (19:33 +0300)
committertimo.sirainen <timo.sirainen@open-xchange.com>
Fri, 1 May 2026 06:08:53 +0000 (06:08 +0000)
Otherwise unsafe content is treated as safe.

src/lib-var-expand/test-var-expand.c
src/lib-var-expand/var-expand.c

index 7f2ea421458206b5951a24b39a4b0deda0efc29b..1b7d898d34f85578407cffb17ece988d1bb84122 100644 (file)
@@ -776,6 +776,7 @@ static void test_var_expand_escape(void)
                { .key = "escape", .value = "'hello' \"world\"", },
                { .key = "first", .value = "bobby" },
                { .key = "nasty", .value = "\';-- SELECT * FROM bobby.tables" },
+               { .key = "feisty", .value = "' OR '1'='1" },
                VAR_EXPAND_TABLE_END
        };
 
@@ -829,7 +830,9 @@ static void test_var_expand_escape(void)
                        .out = "Program size exceeds maximum of 8192 bytes",
                        .ret = -1,
                },
-
+               /* safe filter */
+               { .in = "%{feisty}", "'\\' OR \\'1\\'=\\'1'", .ret = 0 },
+               { .in = "%{clean|safe} and %{feisty}", "hello world and '\\' OR \\'1\\'=\\'1'", .ret = 0 },
        };
 
        const struct var_expand_params params = {
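Review bot: The two new table entries pass the expected output positionally (`{ .in = "%{feisty}", "'\\' OR \\'1\\'=\\'1'", .ret = 0 }`), while the entry just above them spells it `.out = ...`. Writing `.out = "'\\' OR \\'1\\'=\\'1'"` in both keeps the table uniform and stops a later reordering of the struct members from silently changing what the test compares. The `/* safe filter */` comment could also name the regression being pinned, for example `/* safe marking must not carry over to the next variable */`, since the second entry is the one that exercises it. test_var_expand_escape() starts and ends outside this hunk, and the `clean` key used by the second entry is not among the table lines visible in this diff.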
index b17c589d548ad8e07bdc867e5b9135b41e8ab528..1959e3a19a14a914811e08de734a5166d82ed51f 100644 (file)
@@ -338,6 +338,7 @@ void var_expand_state_set_transfer(struct var_expand_state *state, const char *v
 void var_expand_state_unset_transfer(struct var_expand_state *state)
 {
        str_truncate(state->transfer, 0);
+       state->transfer_safe = FALSE;
        state->transfer_set = FALSE;
 }
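Review bot: The invariant this reset restores is not documented at var_expand_state_unset_transfer(): `transfer_safe` should only describe the content currently held in `state->transfer` and must not outlive it. A short comment above the function, such as `/* Drops the transfer content together with its safe marking, so later content is escaped again. */`, would record why the flag is cleared here. var_expand_state_set_transfer(), named in the hunk header, also replaces the transfer content, but its body is outside this hunk. It is worth confirming whether that path needs to clear `transfer_safe` as well, or documenting why a value written after a safe filter is meant to keep the marking.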