On 2021-04-27 10:17:29 -0700, Kevin J. McCarthy wrote:
> Ticket 351 on gitlab (https://gitlab.com/muttmua/mutt/-/issues/351) noted
> that an attachment 中文名称.txt, when launched via a mailcap viewer, created
> a tempfile "____________.txt".
>
> This is because of the sanitize_filename() functions, which have an
> allow-list of
> "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+@{}._-:%/"
> (with the '/' disabled for filenames).
Concerning the ASCII characters, note that "{" and "}" may have a
special meaning for the shell. In zsh:
zira% echo {a..d}
a b c d
And ":" may have a special interpretation in some applications
(e.g. scp, but maybe applications that support URL arguments).
I also wonder whether "%" should be forbidden, unless you know that
it comes from percent-encoding.
Note also that "-" should not be used as the first character of
a filename, otherwise it could be confused with an option.
--
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
