[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Possible problem with Gnus
|
From: |
Reiner Steib |
|
Subject: |
Re: Possible problem with Gnus |
|
Date: |
Wed, 12 May 2004 11:59:42 +0200 |
|
User-agent: |
Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3.50 (gnu/linux) |
On Tue, May 11 2004, Paul Jarc wrote:
> Reiner Steib <address@hidden> wrote:
>> E.g. xdvi is launched as "xdvi -safer %s".
>
> What if the attachment's filename contains characters that would be
> dangerous for the shell? Does Gnus use the filename in the message,
> or generate its own?
Gnus creates a new temporary directory[1]. The filename is rewritten
using `mm-file-name-rewrite-functions'[1,2] in order to avoid
dangerous characters.
(Cc-ing Jesper Harder, who improved `mm-file-name-rewrite-functions'
recently.) I wonder if e.g. »`« and »&« should be removed too.
Jesper, could you explain why those are not deleted in
`mm-file-name-delete-gotchas'? Testing... Okay, Gnus already seems
to do proper quoting:
[2. application/postscript; dan`ls`erous.ps]
-> »Displaying gv -safer /tmp/ste/emm.11740F6T/dan\`ls\`erous.ps...«.
Bye, Reiner.
[1] See the function `mm-display-external' in `mm-decode.el':
--8<---------------cut here---------------start------------->8---
(let* ((dir (mm-make-temp-file
(expand-file-name "emm." mm-tmp-directory) 'dir))
(filename (or
(mail-content-type-get
(mm-handle-disposition handle) 'filename)
(mail-content-type-get
(mm-handle-type handle) 'name)))
[...]
file buffer)
;; We create a private sub-directory where we store our files.
(set-file-modes dir 448)
(if filename
(setq file (expand-file-name
(gnus-map-function mm-file-name-rewrite-functions
(file-name-nondirectory filename))
dir))
(setq file (mm-make-temp-file (expand-file-name "mm." dir))))
--8<---------------cut here---------------end--------------->8---
[2]
,----[ (info "(emacs-mime)Files and Directories") ]
| `mm-file-name-rewrite-functions'
| A list of functions used for rewriting file names of MIME parts.
| Each function is applied successively to the file name.
| Ready-made functions include
|
| `mm-file-name-delete-control'
| Delete all control characters.
|
| `mm-file-name-delete-gotchas'
| Delete characters that could have unintended consequences
| when used with flawed shell scripts, i.e. `|', `>' and `<';
| and `-', `.' as the first character.
`----
--
,,,
(o o)
---ooO-(_)-Ooo--- PGP key available via WWW http://rsteib.home.pages.de/
- Re: Gnus for next release, (continued)
- Re: Gnus for next release, David Kastrup, 2004/05/10
- Re: Gnus for next release, Reiner Steib, 2004/05/10
- Re: Possible problem with Gnus, Stefan Monnier, 2004/05/11
- Re: Possible problem with Gnus, Reiner Steib, 2004/05/11
- Re: Possible problem with Gnus, Paul Jarc, 2004/05/11
- Re: Possible problem with Gnus,
Reiner Steib <=
- Re: Possible problem with Gnus, Paul Jarc, 2004/05/12
- Re: Possible problem with Gnus, Jesper Harder, 2004/05/12
- Re: Possible problem with Gnus, Reiner Steib, 2004/05/12
- Re: Possible problem with Gnus, Jesper Harder, 2004/05/12
- Re: Possible problem with Gnus, Stefan Monnier, 2004/05/11
- Re: Possible problem with Gnus, Reiner Steib, 2004/05/12
- Re: Possible problem with Gnus, David Kastrup, 2004/05/12
- Re: Possible problem with Gnus, Richard Stallman, 2004/05/13
- Re: Possible problem with Gnus, David Kastrup, 2004/05/13
- Re: Possible problem with Gnus, Stefan Monnier, 2004/05/13