From f67cff9b17798b41429e8382ffd15f4d1a2b854f Mon Sep 17 00:00:00 2001
From: Patrick McDermott
Date: Tue, 12 Mar 2019 12:08:10 -0400
Subject: ob_set_substvar(): Don't allow "_" in variable names

The character was allowed due to the details of the implementation, but the SPF 2.0 specification doesn't allow it.
---
diff --git a/lib/control.sh b/lib/control.sh
index 5be3fbe..a792486 100644
--- a/lib/control.sh
+++ b/lib/control.sh
@@ -207,10 +207,10 @@ ob_set_substvar()
 fi
 # Convert variable name to uppercase and validate.
- name="$(echo "${name}" | tr 'a-z-' 'A-Z_')"
- case "${name}" in *[!A-Z0-9_]* | '')
+ case "${name}" in *[!A-Za-z0-9-]* | '')
 return 125
 esac
+ name="$(echo "${name}" | tr 'a-z-' 'A-Z_')"
 # Trim leading and trailing whitespace from value.
 read -r value <<-EOF
-- 
cgit v0.9.1
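Review bot: Moving the `tr` conversion after the check means a name that `echo` treats as an option is no longer caught: `-n` passes `*[!A-Za-z0-9-]*`, `echo "-n"` prints nothing in common shells, and `name` ends up empty after the `''` test has already run. Before the reorder that case fell into `return 125`. Using `name="$(printf '%s\n' "${name}" | tr 'a-z-' 'A-Z_')"` keeps the value intact; rejecting a leading `-` in the `case` is an alternative if the specification permits it (not visible here). The bracket ranges also depend on the locale, so this check is only an ASCII allowlist if the script runs under `LC_ALL=C`, which the hunk does not show. ob_set_substvar's body starts and ends outside the hunk.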