On Sat, Jun 22, 2019 at 12:24:16PM +0200, Vincent Lefevre wrote:
After reading the code, it appears that OPTMAILCAPSANITIZE is not
used for %s:
else if (*cptr == 's' && filename != NULL)
{
mutt_buffer_quote_filename (quoted, filename);
mutt_buffer_addstr (buf, mutt_b2s (quoted));
needspipe = FALSE;
}
It's sanitized externally by mutt_rfc1524_expand_filename() for receive-mode usage. See mutt_view_attachment(), mutt_print_attachment(), and autoview_handler().
If the filename is expected to be always sanitized, this should probably be double-checked here to be sure and potentially avoid future security bugs.
No, the setup code is complicated, as you can see from the above listed functions. Send mode directly uses the filename if a nametemplate isn't required.
-- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature
