Ticket 151 - strip leading '-' for mailcap sanitize

Derek Martin invalid at pizzashack.org
Fri Jun 21 20:43:57 UTC 2019

On Fri, Jun 21, 2019 at 12:09:19PM -0700, Kevin J. McCarthy wrote:
> <https://gitlab.com/muttmua/mutt/issues/151> noticed that a leading
> '-' is not stripped from filenames, which could lead to them being
> interpreted as command arguments.
> This seems like a good idea, and I'm a bit surprised


> no one has noticed it before.

I suspect it's because the folks who use mutt are, by and large,
experts with command-line tools and will rather naturally avoid doing
this, for exactly this reason.

But regardless, it does beg the question whether, after about 25 years
of no one bringing it up, we really need to consider making a change
here. I'm not necessarily opposed but as you know, I generally favor a
policy of "make changes conservatively, measuring the utility of the
change against the risk of chainging things."

Ideally I'd want to look at exactly where and how it's used in Mutt's
code and take some time to consider whether there is the potential for
such a change to unexpectedly break things for people, but I'll admit
it's pretty unlikely I'll have time to do that any time soon...

Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-dev/attachments/20190621/b5f2f261/attachment-0001.asc>

More information about the Mutt-dev mailing list