Ticket 151 - strip leading '-' for mailcap sanitize
Vincent Lefevre
vincent at vinc17.org
Sat Jun 22 08:01:49 UTC 2019
On 2019-06-22 08:38:37 +1000, Cameron Simpson wrote:
> On 21Jun2019 12:20, Kevin J. McCarthy <kevin at 8t8.us> wrote:
> > On Fri, Jun 21, 2019 at 12:09:19PM -0700, Kevin J. McCarthy wrote:
> > > <https://gitlab.com/muttmua/mutt/issues/151> noticed that a leading
> > > '-' is not stripped from filenames, which could lead to them being
> > > interpreted as command arguments.
> >
> > Just to be clear, the ticket is actually advocating for sanitizing the
> > leading "-", into "_" as other unsafe characters are. I further wonder
> > if we should just remove "-" from the whitelist rather than adding a
> > special case for it.
> >
> > As always, any feedback or historical context is very welcome.
>
> Please don't. Add a "./" prefix. That way the filename is unchanged in
> meaning.
I agree that the "./" prefix is the best solution, but only when
the filename starts with '-'.
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the Mutt-dev
mailing list