Elsewhere in the mutt_save_attachment_list() flow, care is taken to
use the basename, but not in the most basic case.

It almost seems deliberate, but if so I think it's a poor choice.

Always use the basename. Don't allow a distracted user to
accidentally save random files elsewhere in their filesystem.

Thanks to Vincent Lefèvre for noticing this glaring issue, and opening
a ticket with a clear demonstration of the problem.
---
This patch is against the stable branch: hence the old parenthesis
style in the unchanged part of the code.

I haven't decided whether to release a 2.3.3 or just get 2.4.0 out in
the next few weeks.

recvattach.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/recvattach.c b/recvattach.c
index 62024963..30e17bcb 100644
--- a/recvattach.c
+++ b/recvattach.c
@@ -534,7 +534,7 @@ static int mutt_query_save_attachment (FILE *fp, BODY
*body, HEADER *hdr, char *
if (directory && *directory)
mutt_buffer_concat_path (buf, *directory, mutt_basename
(body->filename));
else
- mutt_buffer_strcpy (buf, body->filename);
+ mutt_buffer_strcpy (buf, mutt_basename(body->filename));
}
else if (body->hdr &&
body->encoding != ENCBASE64 &&
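Review bot: The added line writes "mutt_basename(body->filename)" with no space before the parenthesis, while the unchanged call in the if branch just above uses "mutt_basename (body->filename)" and the note under the commit message says the stable branch keeps the old parenthesis style; add the space so the hunk is consistent on this branch. Since both branches now pass the attachment-supplied name through mutt_basename, a one-line comment above the if/else saying that body->filename is never used as a path here would help keep the else branch from regressing in a later cleanup.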
--
2.54.0