summaryrefslogtreecommitdiffstats
path: root/attach.c
diff options
context:
space:
mode:
authorKevin McCarthy <kevin@8t8.us>2021-04-30 18:55:37 -0700
committerKevin McCarthy <kevin@8t8.us>2021-05-01 14:16:59 -0700
commita10d0bb53776f7a0c08a947398deafd4991aaf3f (patch)
tree591db825f1060d01d60bba633276e798b64cde35 /attach.c
parent98f0ca6bb80270f954e72fe20144a6cb41ef4593 (diff)
Add sanitize call in print mailcap function.
The mutt_rfc1524_expand_filename() function calls mutt_adv_mktemp(), which also calls the sanitizer. However, if the recv-mode suggested filename has a slash, it's better to sanitize before calling expand_filename() too, to preserve the entire filename (albeit with the slashes sanitized out). For example (ignoring name templates) if the file were called "either/or.pdf", pre-sanitizing would generate "either_or.pdf", while not doing so would generate "or.pdf".
Diffstat (limited to 'attach.c')
-rw-r--r--attach.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/attach.c b/attach.c
index 7c06a8e6..6d658e30 100644
--- a/attach.c
+++ b/attach.c
@@ -966,13 +966,22 @@ int mutt_print_attachment (FILE *fp, BODY *a)
{
rfc1524_entry *entry = NULL;
int piped = 0;
+ char *sanitized_fname = NULL;
dprint (2, (debugfile, "Using mailcap...\n"));
entry = rfc1524_new_entry ();
rfc1524_mailcap_lookup (a, type, sizeof(type), entry, MUTT_PRINT);
- mutt_rfc1524_expand_filename (entry->nametemplate, a->filename,
+
+ sanitized_fname = safe_strdup (a->filename);
+ /* In send mode (!fp), we allow slashes because those are part of
+ * the tempfile. The path will be removed in expand_filename */
+ mutt_sanitize_filename (sanitized_fname,
+ (fp ? 0 : MUTT_SANITIZE_ALLOW_SLASH) |
+ MUTT_SANITIZE_ALLOW_8BIT);
+ mutt_rfc1524_expand_filename (entry->nametemplate, sanitized_fname,
newfile);
+ FREE (&sanitized_fname);
if (mutt_save_attachment (fp, a, mutt_b2s (newfile), 0, NULL) == -1)
goto mailcap_cleanup;