From 840b813fa27fafa7fe43e41e227a3331156c0d9b Mon Sep 17 00:00:00 2001
From: Kevin McCarthy
Date: Sat, 22 Jun 2019 14:57:36 -0700
Subject: Make sure mailcap test %s is sanitized. It's not clear to me if %s is allowed as part of a test field. However since we are passing the attachment filename, we should sanitize it first.
---
rfc1524.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/rfc1524.c b/rfc1524.c
index 9fb0733e..a7338e1c 100644
--- a/rfc1524.c
+++ b/rfc1524.c
@@ -322,13 +322,19 @@ static int rfc1524_mailcap_parse (BODY *a,
 */
 char *test_command = NULL;
 BUFFER *command = NULL;
+ BUFFER *afilename = NULL;
 if (get_field_text (field + 4, &test_command, type, filename, line) && test_command) {
 command = mutt_buffer_pool_get ();
+ afilename = mutt_buffer_pool_get ();
 mutt_buffer_strcpy (command, test_command);
- mutt_rfc1524_expand_command (a, a->filename, type, command);
+ if (option (OPTMAILCAPSANITIZE))
+ mutt_buffer_sanitize_filename (afilename, NONULL(a->filename), 1);
+ else
+ mutt_buffer_strcpy (afilename, NONULL(a->filename));
+ mutt_rfc1524_expand_command (a, mutt_b2s (afilename), type, command);
 if (mutt_system (mutt_b2s (command))) { /* a non-zero exit code means test failed */
@@ -336,6 +342,7 @@ static int rfc1524_mailcap_parse (BODY *a,
 } FREE (&test_command);
 mutt_buffer_pool_release (&command);
+ mutt_buffer_pool_release (&afilename);
 } } } /* while (ch) */
-- cgit v1.2.3
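Review bot: In the `else` branch of the first hunk the attachment filename is still copied unmodified into `afilename` whenever `OPTMAILCAPSANITIZE` is off, and the expanded string then goes to `mutt_system`. Shell-safety on that path rests entirely on how `mutt_rfc1524_expand_command` quotes `%s`, which is outside this hunk and should be confirmed. Since the filename presumably originates from the received message, I would record that dependency above the branch, e.g. `/* filename is message-supplied; with sanitizing off we rely on expand_command to shell-quote %s */`. The bare `1` passed to `mutt_buffer_sanitize_filename` would also benefit from a short comment saying what the flag selects. The enclosing function `rfc1524_mailcap_parse` starts and ends outside the hunk.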