> I weren't completely sure if this issue has low priority because I don't know > if there are valid use cases for such filenames or if this problem is a > symptom of a higher priority problem.
It is a slight problem in that it can be used to inject remote commands from a filename, but even so they are pretty much harmless. > Btw: Another low priority issue is the possibility to add quotes in the > filename to change some messages: […] This should be another issue, but actually I don't think it is an issue, and what can we do? There will always be a way of naming a file that results in a confusing message if that message contains the filename. We could perform some escaping, but thus we wouldn't show the *actual* filename. Maybe we could somehow make that italics or so so that it stands out better… not sure it's worth it if it's not super easy. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/geany/geany/issues/2207#issuecomment-508828773
