On Fri, Jun 21, 2019 at 12:09:19PM -0700, Kevin J. McCarthy wrote:
<https://gitlab.com/muttmua/mutt/issues/151> noticed that a leading '-' is not stripped from filenames, which could lead to them being interpreted as command arguments.

Just to be clear, the ticket is actually advocating for sanitizing the leading "-" into "_", as other unsafe characters are. I further wonder if we should just remove "-" from the whitelist rather than adding a special case for it.

As always, any feedback or historical context is very welcome.

--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA
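
The two options weighed in this message, side by side, as an added example that is not Mutt's code and not part of the original email. The whitelist strings and the function names `sanitize_leading_dash` and `sanitize_no_dash` are assumptions made for illustration, and the sample filenames are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Assumed whitelists for illustration; not copied from Mutt's source. */
static const char SAFE_WITH_DASH[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@{}._-:%";
static const char SAFE_NO_DASH[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@{}._:%";

/* Replace every byte not in `safe` with '_', in place. */
static void sanitize_with(char *name, const char *safe)
{
    for (; *name; name++)
        if (!strchr(safe, *name))
            *name = '_';
}

/* Option A: keep '-' in the whitelist, special-case a leading '-'. */
char *sanitize_leading_dash(char *name)
{
    sanitize_with(name, SAFE_WITH_DASH);
    if (name[0] == '-')
        name[0] = '_';
    return name;
}

/* Option B: drop '-' from the whitelist, so every '-' becomes '_'. */
char *sanitize_no_dash(char *name)
{
    sanitize_with(name, SAFE_NO_DASH);
    return name;
}

int main(void)
{
    /* Constructed attachment names. */
    const char *samples[] = { "-rf.txt", "--output=x", "report-2019.pdf", "a b;c" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        char a[64], b[64];
        snprintf(a, sizeof a, "%s", samples[i]);
        snprintf(b, sizeof b, "%s", samples[i]);
        printf("%-16s A=%-16s B=%s\n", samples[i],
               sanitize_leading_dash(a), sanitize_no_dash(b));
    }
    return 0;
}
```

Option A leaves interior dashes such as the one in `report-2019.pdf` untouched, while option B rewrites every dash, which is simpler but changes more legitimate names.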
