From c2eb030f9d57890fbec6d3fe98688be71fdfb243 Mon Sep 17 00:00:00 2001
From: Lia Lenckowski <lialenck@protonmail.com>
Date: Tue, 29 Aug 2023 00:20:10 +0200
Subject: warn about sqli-type attacks with emails, and make them a bit harder

---
 fastbangs.yaml | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'fastbangs.yaml')

diff --git a/fastbangs.yaml b/fastbangs.yaml
index d184bae..1927761 100644
--- a/fastbangs.yaml
+++ b/fastbangs.yaml
@@ -20,4 +20,7 @@ admin-pw-hash: ""
 # Users can leave their email in order to be notified when their bang is
 # accepted/rejected. In order to send emails, the following command (if not
 # commented out) will receive as arguments, in order: recipient, subject, body
+# HUGE WARNING: THE ARGUMENTS ARE UNTRUSTED USER INPUT. Users can enter almost
+# everything as their email address, so not being careful can easily lead to SQLI-type
+# vulnerabilities, and possibly remote command execution, so be careful.
 #email-command: "/path/to/your/email/script"
-- 
cgit v1.2.3-70-g09d2