On Sun, Jun 23, 2019 at 11:43:56AM +0200, Eike Rathke wrote:
Ah ok I thought sanitizing was also used when saving attachments. As was mentioned elsewhere prefixing './' might be best if it starts with '-' and a path is not prepended (can that even happen?).
Only in send mode (i.e. from the compose menu), and then only if the symlink fails and the user agrees to proceed anyways. So I don't think this is an issue from Mutt's point of view.
The ticket submitter's issue was that he was writing a mailcap helper script, in which he extracted the filename and operated on it directly.
However, I'm still thinking about the cases for %{} and %t. Those are not prefixed with anything. On the other hand, use of those would tend to be as part of an option, (e.g. --charset=%{charset}). I'm reluctant to modify $mailcap_sanitize if not necessary though.
-- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
signature.asc
Description: PGP signature