Docs: add note on non-functionality of "exists" for de-tainting

[users/heiko/exim.git] / doc / doc-docbook / spec.xfpt

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 0ffc88c586de290ca44112325baa7b62a6e02a64..d981f623019a4c2fa7f7610ca392232a810365e1 100644 (file)
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -11656,6 +11656,11 @@ condition is true if the named file (or directory) exists. The existence test
 is done by calling the &[stat()]& function. The use of the &%exists%& test in
 users' filter files may be locked out by the system administrator.
 
+.new
+&*Note:*& Testing a path using this condition is not a sufficient way of
+de-tainting it.
+.wen
+
 .vitem &*first_delivery*&
 .cindex "delivery" "first"
 .cindex "first delivery"