Hi,
Ok, I've now fixed this, by initialising a SQL connection once, and then using SQL ping to check if it's alive, and if it's not then give an error (I'll try and make it disconnect and reconnect later).
You really want the latter since IMAP connections will stay open, and the workaround would require closing the connection which could be quite expensive for the client (Evolution for example synchronizes completely then).
I just realised that it may be possible to exploit the snprintf and send strange commands to the server; for this reason, the user that the plugin uses should only be able to run the 2 procedures. I have no idea how to make this secure, or if it is secure or not. Any ideas? (e.g. snprintf(query, 20+MAXSIGLEN, "CALL SPAM(\"%s\")", signature); If someone modifies the header, as long as it's within the MAXSIGLEN then they can affect the query?)
Yeah, good point. But luckily dspam signatures are fairly good in that they'll always match the re "^[A-Za-z0-9,]*$" so you can check against that... Indeed, I think it always consists of only numbers and the optional userid separated off with a comma, but above RE should work always. So just check that each character is alphanumeric or a comma and return an error otherwise.
johannes
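
The character check suggested in the reply above, placed in front of the snprintf call from the thread. This is an added example, not code from the plugin or from either poster. The value of MAXSIGLEN, the function names and the sample signatures are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define MAXSIGLEN 100 /* assumed value; the plugin's real limit is not given in the thread */

/* Returns 1 if sig fits in MAXSIGLEN (with terminator) and every byte is in
 * [A-Za-z0-9,]; 0 otherwise. Explicit ranges are used instead of isalnum()
 * so the result does not depend on the locale. Stricter than the RE in the
 * thread in one respect: the empty string is rejected too. */
static int signature_is_valid(const char *sig)
{
    size_t i;

    if (sig == NULL || sig[0] == '\0')
        return 0;
    for (i = 0; sig[i] != '\0'; i++) {
        char c = sig[i];
        if (i >= MAXSIGLEN - 1)
            return 0; /* longer than the buffer was sized for */
        if (!((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
              (c >= '0' && c <= '9') || c == ','))
            return 0; /* quote, backslash, paren, space, ... */
    }
    return 1;
}

/* Builds the CALL statement only for a validated signature.
 * Returns 0 on success, -1 if the signature is rejected or would be truncated. */
static int build_spam_query(char *query, size_t qlen, const char *sig)
{
    int n;

    if (!signature_is_valid(sig))
        return -1;
    n = snprintf(query, qlen, "CALL SPAM(\"%s\")", sig);
    return (n < 0 || (size_t)n >= qlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample values: one well-formed, one containing a quote. */
    const char *samples[] = { "4a1b2c3d,17", "4a1b\"2c3d" };
    char query[20 + MAXSIGLEN];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s\n", build_spam_query(query, sizeof query, samples[i]) == 0
                           ? query : "rejected: invalid signature");
    return 0;
}
```

Restricting the database user to the two procedures, as raised in the thread, still applies alongside this check.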