Ticket 151 - strip leading '-' for mailcap sanitize

Kevin J. McCarthy kevin at 8t8.us
Fri Jun 21 19:09:19 UTC 2019


<https://gitlab.com/muttmua/mutt/issues/151> noticed that a leading '-' 
is not stripped from filenames, which could lead to them being 
interpreted as command arguments.

This seems like a good idea, and I'm a bit surprised no one has noticed 
it before.

Perhaps the "expected" behavior is putting '--' before the %s, but 
neither the sample mailcap or manual mention that.  So I would think 
it's a good idea to add the protection to mutt instead.

Is this an oversight, or am I missing something?

Thanks,

-- 
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-dev/attachments/20190621/0eb083d1/attachment.asc>


More information about the Mutt-dev mailing list