Ticket 151 - strip leading '-' for mailcap sanitize
cs at cskk.id.au
Fri Jun 21 22:38:37 UTC 2019
On 21Jun2019 12:20, Kevin J. McCarthy <kevin at 8t8.us> wrote:
>On Fri, Jun 21, 2019 at 12:09:19PM -0700, Kevin J. McCarthy wrote:
>><https://gitlab.com/muttmua/mutt/issues/151> noticed that a leading
>>'-' is not stripped from filenames, which could lead to them being
>>interpreted as command arguments.
>Just to be clear, the ticket is actually advocating for sanitizing the
>leading "-", into "_" as other unsafe characters are. I further
>wonder if we should just remove "-" from the whitelist rather than
>adding a special case for it.
>As always, any feedback or historical context is very welcome.
Please don't. Add a "./" prefix. That way the filename is unchanged in
If you're _generating_ a scratch filename then avoiding various things
is fine, but if you're _using_ a supplied filename then any portion of
it may be significant to the target receiving it. So don't muck with it,
just render it unoptionlike with a leading "./".
Cameron Simpson <cs at cskk.id.au>
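
The "./" prefix suggested above, next to the sanitizing approach from the ticket, as an added example that is not part of the original message and not Mutt's own code. The function names and sample filenames are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Mutt's code): copy `name` into `out`, adding a
 * "./" prefix only when the name would otherwise start with '-' and so be
 * parsed as an option by the mailcap command. Every byte of the supplied
 * name is preserved. Returns 0 on success, -1 if `out` is too small. */
int unoptionlike(const char *name, char *out, size_t outlen)
{
    const char *prefix = (name[0] == '-') ? "./" : "";
    int n = snprintf(out, outlen, "%s%s", prefix, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* The alternative discussed in the thread, for comparison: rewrite a
 * leading '-' to '_'. The result no longer names the same file. */
int sanitize_leading_dash(const char *name, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s", name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    if (out[0] == '-')
        out[0] = '_';
    return 0;
}

int main(void)
{
    /* Constructed sample attachment names. */
    const char *samples[] = { "-rf", "--help.txt", "report-2019.pdf", "/tmp/-x" };
    char a[64], b[64];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        if (unoptionlike(samples[i], a, sizeof a) == 0 &&
            sanitize_leading_dash(samples[i], b, sizeof b) == 0)
            printf("%-16s prefix: %-18s sanitize: %s\n", samples[i], a, b);
    }
    return 0;
}
```

A name that already begins with "/" or contains "-" only in the middle is passed through unchanged by both functions, since it cannot be read as an option.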