> I wasn't completely sure if this issue has low priority because I don't know 
> if there are valid use cases for such filenames or if this problem is a 
> symptom of a higher priority problem.

It is a slight problem in that it can be used to inject remote commands from a 
filename, but even so they are pretty much harmless.

> Btw: Another low priority issue is the possibility to add quotes in the 
> filename to change some messages: […]

This should be another issue, but actually I don't think it is an issue, and 
what can we do?  There will always be a way of naming a file that results in a 
confusing message if that message contains the filename.  We could perform some 
escaping, but thus we wouldn't show the *actual* filename.  Maybe we could 
somehow make that italics or so, so that it stands out better… not sure it's 
worth it if it's not super easy.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/geany/geany/issues/2207#issuecomment-508828773
