From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-Status: No, score=-3.6 required=3.0 tests=AWL,BAYES_00, RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 4D4991F5AE; Sat, 4 Jul 2020 20:33:12 +0000 (UTC) Received: from in01.mta.xmission.com ([166.70.13.51]) by out02.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jroqV-0004Br-5X; Sat, 04 Jul 2020 14:33:11 -0600 Received: from ip68-227-160-95.om.om.cox.net ([68.227.160.95] helo=x220.xmission.com) by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from ) id 1jroqU-0005l4-DW; Sat, 04 Jul 2020 14:33:10 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: Eric Wong Cc: meta@public-inbox.org References: <87imf4qn87.fsf@x220.int.ebiederm.org> <20200703233032.GA5810@dcvr> <20200704202525.GA19556@dcvr> Date: Sat, 04 Jul 2020 15:28:34 -0500 In-Reply-To: <20200704202525.GA19556@dcvr> (Eric Wong's message of "Sat, 4 Jul 2020 20:25:25 +0000") Message-ID: <87a70fnhxp.fsf@x220.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1jroqU-0005l4-DW;;;mid=<87a70fnhxp.fsf@x220.int.ebiederm.org>;;;hst=in01.mta.xmission.com;;;ip=68.227.160.95;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX18lFRSvgBZ+irp/AMpC4vZ3ItauIOHkX5o= X-SA-Exim-Connect-IP: 68.227.160.95 X-SA-Exim-Mail-From: ebiederm@xmission.com Subject: Re: [PATCH] t/import: test for nasty characters X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com) List-Id: Eric Wong writes: > Eric Wong wrote: >> "Eric W. Biederman" wrote: >> > - $name =~ tr/<>//d; >> > + $name =~ tr/\n\r<>$/ /d; >> >> Is getting rid of '$' an effort to avoid double interpolation by Perl? >> Perl won't recursively expand variables AFAIK. > > I'm not seeing the purpose in $ being grouped with the > characters (test below confirms it, I think). What I think we should be doing is any characters that are not a valid part of a name (as defined by the appropriate email RFCs) should be dealt with. I am pretty certain $ isn't of those characters that is valid in a name. Otherwise I suspect this will be a game of whack-a-mole as new weird and strange cases crop up. Maybe I am just paranoid, but right now the code seems a bit too liberal in what it accepts. Eric