Ticket 151 - strip leading '-' for mailcap sanitize

Kevin J. McCarthy kevin at 8t8.us
Fri Jun 21 19:20:28 UTC 2019


On Fri, Jun 21, 2019 at 12:09:19PM -0700, Kevin J. McCarthy wrote:
><https://gitlab.com/muttmua/mutt/issues/151> noticed that a leading 
>'-' is not stripped from filenames, which could lead to them being 
>interpreted as command arguments.

Just to be clear, the ticket is actually advocating for sanitizing the 
leading "-", into "_" as other unsafe characters are.  I further wonder 
if we should just remove "-" from the whitelist rather than adding a 
special case for it.

As always, any feedback or historical context is very welcome.

-- 
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-dev/attachments/20190621/427600af/attachment.asc>


More information about the Mutt-dev mailing list