Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 95 | magnus | 1 | --- a/Greylisting.pm |
| 2 | +++ b/Greylisting.pm |
||
| 3 | @@ -21,6 +21,7 @@ package Greylisting; |
||
| 4 | |||
| 5 | use strict; |
||
| 6 | use Mail::SpamAssassin::Plugin; |
||
| 7 | +use Mail::SpamAssassin::Util qw(untaint_var); |
||
| 8 | use NetAddr::IP; |
||
| 9 | use File::Path qw(mkpath); |
||
| 10 | our @ISA = qw(Mail::SpamAssassin::Plugin); |
||
| 11 | @@ -71,9 +72,17 @@ sub greylisting |
||
| 12 | } |
||
| 13 | Mail::SpamAssassin::Plugin::dbg("GREYLISTING: called function"); |
||
| 14 | |||
| 15 | - $optionhash =~ s/;/,/g; |
||
| 16 | - # This is safe, right? (users shouldn't be able to set it in their config) |
||
| 17 | - %option=eval $optionhash; |
||
| 18 | + while ($optionhash =~ /(?:\G(?<!^)|^\s*\()\s*(?>(?<quot1>['"])(?<opt>.*?)\g{quot1}) |
||
| 19 | + \s*=>\s* |
||
| 20 | + (?>(?<quot2>['"])(?<val>.*?)\g{quot2} |
||
| 21 | + | |
||
| 22 | + (?<val>-?(?:\d+(?:\.\d*)?|(?:\d*\.)?\d+)) |
||
| 23 | + )\s*(?:;?\s*\)\s*$|;(?!$))/gxc) { |
||
| 24 | + $option{$+{opt}} = untaint_var($+{val}); |
||
| 25 | + } |
||
| 26 | + if ((pos($optionhash) // 0) < length $optionhash) { |
||
| 27 | + die "Syntax error"; |
||
| 28 | + } |
||
| 29 | $self->{'rangreylisting'}=1; |
||
| 30 | |||
| 31 | foreach my $reqoption (qw ( method greylistsecs dontgreylistthreshold |