On Sun, Jun 23, 2019 at 08:55:38AM +1000, Cameron Simpson wrote:
Returning to the quotes-in-mailcap-recipes issue, I'd be all for mutt noticing _and warning_ about mailcap entries with '%s' in them, and maybe doing an aggressive filename sanitisation at that point to provide an _unquoted_ but safe filename regardless of the source filename. One which would be safe in quotes or not.
I'm -1 on this. The manual clearly says not to add quotes, <http://www.mutt.org/doc/manual/#secure-mailcap>. While not impossible, the code would not be dead-simple either, e.g. a "poor man's nametemplate" entry like:
text/crazy; foo 'bar'%s'mysuffix'Furthermore, the filename sanitization takes place outside the function, before tmpdir generation and data copy or symlink occur. Adding the described aggressive sanitization inside mutt_rfc1524_expand_command() would simply lead to the wrong filename being in the invocation.
This is also why the existing sanitization can't be put inside for %s. If $tmpdir is set to "~/déchets", none of the resulting $tmpdir files would be readable, because the whole path is passed in.
-- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature
