Skip to content

Commit fa478c5

Browse files
committed
🍒 pick be32e71: 📚 Improve documentation of RawData arguments [backports #661]
Now that `setquota`, `store`, and `uid_store` have been fixed, there should only be two parameters that still use `RawData`: search `criteria` and fetch `attr` (and the `UID` variants). `#search` criteria (when a string) had already been documented, but this aspect of `#fetch` attr was _not_ previously documented!
1 parent ca0ca5d commit fa478c5

1 file changed

Lines changed: 11 additions & 4 deletions

File tree

‎lib/net/imap.rb‎

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2312,11 +2312,11 @@ def uid_expunge(uid_set)
23122312
# Encoded as an \IMAP date (see ::encode_date).
23132313
#
23142314
# [When +criteria+ is a String]
2315-
# +criteria+ will be sent directly to the server <em>without any
2316-
# validation or encoding</em>.
2315+
# +criteria+ will be sent to the server <em>with minimal validation and no
2316+
# encoding or formatting</em>.
23172317
#
2318-
# <em>*WARNING:* This is vulnerable to injection attacks when external
2319-
# inputs are used.</em>
2318+
# <em>*WARNING:* Although CRLF is prohibited, this is vulnerable to other
2319+
# types of attribute injection attack if unvetted user input is used.</em>
23202320
#
23212321
# ==== Supported return options
23222322
#
@@ -2637,6 +2637,13 @@ def uid_search(...)
26372637
#
26382638
# +attr+ is a list of attributes to fetch; see FetchStruct documentation for
26392639
# a list of supported attributes.
2640+
# >>>
2641+
# When +attr+ is a String, it will be sent <em>with minimal validation and
2642+
# no encoding or formatting</em>. When +attr+ is an Array, each String in
2643+
# +attr+ will be sent this way.
2644+
#
2645+
# <em>*WARNING:* Although CRLF is prohibited, this is vulnerable to other
2646+
# types of attribute injection attack if unvetted user input is used.</em>
26402647
#
26412648
# +changedsince+ is an optional integer mod-sequence. It limits results to
26422649
# messages with a mod-sequence greater than +changedsince+.

0 commit comments

Comments
 (0)