Seems to work. Craig
> On Nov 6, 2018, at 2:52 AM, Sam Ruby <ru...@intertwingly.net> wrote: > > I don't know what changed, and I'm traveling at the moment, but I > added a call to untaint. > > - Sam Ruby > On Mon, Nov 5, 2018 at 3:40 PM Craig Russell <apache....@gmail.com > <mailto:apache....@gmail.com>> wrote: >> >> Can we please take another look at this issue? I'm afraid it might start to >> affect account creation since no email with the vote result is being sent to >> root. >> >> Thanks, >> >> Craig >> >>> On Oct 30, 2018, at 8:00 PM, Sam Ruby <ru...@intertwingly.net> wrote: >>> >>> On Tue, Oct 30, 2018 at 10:43 PM Sam Ruby <ru...@intertwingly.net> wrote: >>>> >>>> It would be safe to do something like the following, however: >>>> >>>> @from.untaint if @from =~ /\A\w+@apache\.org\z/ >>> >>> Looks like it may be worth adding >>> >>> or @from =~ /\A"?[\s\w]+"?\s+<\w+@apache\.org>\z/ >>> >>>> - Sam Ruby >> >> Craig L Russell >> Secretary, Apache Software Foundation >> c...@apache.org <mailto:c...@apache.org> <mailto:c...@apache.org >> <mailto:c...@apache.org>> http://db.apache.org/jdo >> <http://db.apache.org/jdo> <http://db.apache.org/jdo >> <http://db.apache.org/jdo>> Craig L Russell Secretary, Apache Software Foundation c...@apache.org <mailto:c...@apache.org> http://db.apache.org/jdo <http://db.apache.org/jdo>
