diff options
author | Kevin McCarthy <kevin@8t8.us> | 2021-04-30 18:55:37 -0700 |
---|---|---|
committer | Kevin McCarthy <kevin@8t8.us> | 2021-05-01 14:16:59 -0700 |
commit | a10d0bb53776f7a0c08a947398deafd4991aaf3f (patch) | |
tree | 591db825f1060d01d60bba633276e798b64cde35 /attach.c | |
parent | 98f0ca6bb80270f954e72fe20144a6cb41ef4593 (diff) |
Add sanitize call in print mailcap function.
The mutt_rfc1524_expand_filename() function calls mutt_adv_mktemp(),
which also calls the sanitizer.
However, if the recv-mode suggested filename has a slash, it's better
to sanitize before calling expand_filename() too, to preserve the
entire filename (albeit with the slashes sanitized out).
For example (ignoring name templates) if the file were called
"either/or.pdf", pre-sanitizing would generate "either_or.pdf", while
not doing so would generate "or.pdf".
Diffstat (limited to 'attach.c')
-rw-r--r-- | attach.c | 11 |
1 files changed, 10 insertions, 1 deletions
@@ -966,13 +966,22 @@ int mutt_print_attachment (FILE *fp, BODY *a) { rfc1524_entry *entry = NULL; int piped = 0; + char *sanitized_fname = NULL; dprint (2, (debugfile, "Using mailcap...\n")); entry = rfc1524_new_entry (); rfc1524_mailcap_lookup (a, type, sizeof(type), entry, MUTT_PRINT); - mutt_rfc1524_expand_filename (entry->nametemplate, a->filename, + + sanitized_fname = safe_strdup (a->filename); + /* In send mode (!fp), we allow slashes because those are part of + * the tempfile. The path will be removed in expand_filename */ + mutt_sanitize_filename (sanitized_fname, + (fp ? 0 : MUTT_SANITIZE_ALLOW_SLASH) | + MUTT_SANITIZE_ALLOW_8BIT); + mutt_rfc1524_expand_filename (entry->nametemplate, sanitized_fname, newfile); + FREE (&sanitized_fname); if (mutt_save_attachment (fp, a, mutt_b2s (newfile), 0, NULL) == -1) goto mailcap_cleanup; |