On Mon, May 04, 2026 at 10:01:34AM +0200, Vincent Lefevre wrote:
On 2026-05-04 15:29:15 +0800, Kevin J. McCarthy wrote:Elsewhere in the mutt_save_attachment_list() flow, care is taken to use the basename, but not in the most basic case.It almost seems deliberate, but if so I think it's a poor choice. Always use the basename. Don't allow a distracted user to accidentally save random files elsewhere in their filesystem.BTW, in the mail I received, the slashes were actually part of a date as often written in French: "03/05/2026". I'm wondering whether the RFCs give a special meaning to the slashes for the filename value (such as a directory separator, which should be ignored), i.e. whether this is an error from the sender (who used slashes in an incorrect manner) or slashes should rather be replaced by another character on the MUA side. Some non-POSIX systems use another character as a directory separator (e.g. "\" on MS-DOS/Windows, "." on RISC OS), so that the filename in question from the mail could be regarded as being a fully valid filename on such systems if the RFCs do not say anything special. So, here (as on other systems where the directory separator is "/"), replacing the "/" by another character could be an alternative solution in order to keep more information from the mail.
I'll take a look this weekend. One concern I have is that the save attachment logic is shared in the compose menu (bound to "C"), which passes in the full path name of the attachment.
-- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature
