FYI, due to incorrect mailcap rules, which use '%s' or similar
instead of just %s, the filename quoting system in Mutt eventually
makes the filename *unquoted*, i.e. reversing its purpose, e.g.

  "less ''/var/tmp/_.txt''"

I've reported a general bug in Debian:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930908

After reading the code, it appears that OPTMAILCAPSANITIZE is not
used for %s:

      else if (*cptr == 's' && filename != NULL)
      {
        mutt_buffer_quote_filename (quoted, filename);
        mutt_buffer_addstr (buf, mutt_b2s (quoted));
        needspipe = FALSE;
      }

But it appears that the filename is usually or always sanitized.
The code is not documented enough about that.

If the filename is expected to be always sanitized, this should
probably be double-checked here to be sure and potentially avoid
future security bugs.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
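
The effect described in the message above, as an added example that is not part of the original post or of Mutt's code: a quoted filename is substituted into mailcap commands, and a lint pass flags entries whose own quotes around %s cancel that quoting. The single-quote model in `quote_filename`, the probe name and the sample entries are assumptions constructed for illustration.

```python
import shlex

PROBE = "a b.txt"  # constructed name with a space, i.e. not sanitized

def quote_filename(name):
    # Assumed model of the quoting step: wrap in single quotes, ' -> '\''
    return "'" + name.replace("'", "'\\''") + "'"

def expand(command, filename):
    # Mirrors the %s branch quoted above: insert the already-quoted name.
    return command.replace("%s", quote_filename(filename))

def is_intact(command, filename):
    """True if a POSIX shell would see the filename as exactly one word."""
    try:
        return filename in shlex.split(expand(command, filename))
    except ValueError:  # unbalanced quotes after expansion
        return False

def lint_mailcap(text):
    """Return line numbers of entries whose own quoting around %s breaks."""
    bad = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Simplification: split on ';' without handling '\;' escapes.
        fields = [f.strip() for f in line.split(";")[1:]]
        if any("%s" in f and not is_intact(f, PROBE) for f in fields):
            bad.append(no)
    return bad

SAMPLE = """\
# constructed mailcap entries
text/plain; less '%s'; needsterminal
text/html; w3m -T text/html %s; needsterminal
application/pdf; xpdf "%s"
"""

if __name__ == "__main__":
    print(expand("less '%s'", "/var/tmp/_.txt"))
    print(shlex.split(expand("less '%s'", PROBE)))
    print(lint_mailcap(SAMPLE))
```

With a sanitized name such as /var/tmp/_.txt the expanded command still parses to a single filename word, which is why the broken entries go unnoticed until a name containing shell-significant characters reaches this code path.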
