[wip]: stupid approach for tainted:<var>

diff --git a/src/src/expand.c b/src/src/expand.c
index 291db426abb19e0517d1c5e89b53f0701f5158ec..ba5e0fd4a02ab94169937f21f1cbf84433ca1cb2 100644 (file)
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -357,7 +357,8 @@ static uschar *cond_table[] = {
   US"pwcheck",
   US"queue_running",
   US"radius",
-  US"saslauthd"
+  US"saslauthd",
+  US"tainted"
 };
 
 enum {
@@ -410,7 +411,8 @@ enum {
   ECOND_PWCHECK,
   ECOND_QUEUE_RUNNING,
   ECOND_RADIUS,
-  ECOND_SASLAUTHD
+  ECOND_SASLAUTHD,
+  ECOND_TAINTED
 };
 
 
@@ -2562,6 +2564,7 @@ switch(cond_type = identify_operator(&s, &opname))
   /* def: tests for a non-empty variable, or for the existence of a header. If
   yield == NULL we are in a skipping state, and don't care about the answer. */
 
+  case ECOND_TAINTED:
   case ECOND_DEF:
     {
     uschar * t;
@@ -2599,12 +2602,12 @@ switch(cond_type = identify_operator(&s, &opname))
       if (!(t = find_variable(name, TRUE, yield == NULL, NULL)))
        {
        expand_string_message = name[0]
-         ? string_sprintf("unknown variable \"%s\" after \"def:\"", name)
-         : US"variable name omitted after \"def:\"";
+         ? string_sprintf("unknown variable \"%s\" after \"%s:\"", name, cond_type == ECOND_DEF ? "def" : "tainted")
+         : string_sprintf("variable name omitted after \"%s:\"", cond_type == ECOND_DEF ? "def" : "tainted");
        check_variable_error_message(name);
        return NULL;
        }
-      if (yield) *yield = (t[0] != 0) == testfor;
+      if (yield) *yield = (cond_type == ECOND_DEF ? (t[0] != 0) : is_tainted(name)) == testfor;
       }
 
     return s;