---
sendlib.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/sendlib.c b/sendlib.c
index 430b5d73..05039714 100644
--- a/sendlib.c
+++ b/sendlib.c
@@ -2706,6 +2706,14 @@ mutt_invoke_sendmail (ADDRESS *from, /* the sender */
return -1;
}
+ /* check for shell meta-characters that won't do what the user expects */
+#define SHELL_NON_SPACE_META_CHARACTERS "|&;()<>[]{}$`'~\"\\*?"
+ if (Sendmail[strcspn(Sendmail, SHELL_NON_SPACE_META_CHARACTERS)] != '\0')
+ {
+ mutt_error(_("$sendmail cannot contain shell meta-characters."));
+ return -1;
+ }
+
ps = s;
i = 0;
while ((ps = strtok (ps, " ")))
--
2.30.2
