Ticket 151 - strip leading '-' for mailcap sanitize

Fri, 21 Jun 2019 12:09:43 -0700

<https://gitlab.com/muttmua/mutt/issues/151> noticed that a leading '-' is not stripped from filenames, which could lead to them being interpreted as command arguments.
This seems like a good idea, and I'm a bit surprised no one has noticed it before. 


Perhaps the "expected" behavior is putting '--' before the %s, but 
neither the sample mailcap or manual mention that.  So I would think 
it's a good idea to add the protection to mutt instead.


Is this an oversight, or am I missing something?

Thanks,

--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA



Attachment:
signature.asc

Description: PGP signature






















					Reply via email to