On 2019-06-22 08:38:37 +1000, Cameron Simpson wrote: > On 21Jun2019 12:20, Kevin J. McCarthy <ke...@8t8.us> wrote: > > On Fri, Jun 21, 2019 at 12:09:19PM -0700, Kevin J. McCarthy wrote: > > > <https://gitlab.com/muttmua/mutt/issues/151> noticed that a leading > > > '-' is not stripped from filenames, which could lead to them being > > > interpreted as command arguments. > > > > Just to be clear, the ticket is actually advocating for sanitizing the > > leading "-", into "_" as other unsafe characters are. I further wonder > > if we should just remove "-" from the whitelist rather than adding a > > special case for it. > > > > As always, any feedback or historical context is very welcome. > > Please don't. Add a "./" prefix. That way the filename is unchanged in > meaning.
I agree that the "./" prefix is the best solution, but only when the filename starts with '-'. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
