From mboxrd@z Thu Jan 1 00:00:00 1970 Path: main.gmane.org!not-for-mail From: Reiner Steib <4.uce.03.r.s@nurfuerspam.de> Newsgroups: gmane.emacs.devel Subject: Re: Possible problem with Gnus Date: Wed, 12 May 2004 11:59:42 +0200 Organization: Dept. of Theoretical Physics, University of Ulm Sender: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Message-ID: References: <20040509230720.GB20485@fencepost> Reply-To: Reiner Steib NNTP-Posting-Host: deer.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Trace: sea.gmane.org 1084356753 7409 80.91.224.253 (12 May 2004 10:12:33 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Wed, 12 May 2004 10:12:33 +0000 (UTC) Cc: Jesper Harder , Richard Stallman Original-X-From: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Wed May 12 12:12:20 2004 Return-path: Original-Received: from quimby.gnus.org ([80.91.224.244]) by deer.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 1BNqip-0005zv-00 for ; Wed, 12 May 2004 12:12:19 +0200 Original-Received: from monty-python.gnu.org ([199.232.76.173]) by quimby.gnus.org with esmtp (Exim 3.35 #1 (Debian)) id 1BNqip-0003We-00 for ; Wed, 12 May 2004 12:12:19 +0200 Original-Received: from localhost ([127.0.0.1] helo=monty-python.gnu.org) by monty-python.gnu.org with esmtp (Exim 4.34) id 1BNqZo-0000WS-OJ for emacs-devel@quimby.gnus.org; Wed, 12 May 2004 06:03:00 -0400 Original-Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.34) id 1BNqZf-0000Vl-Bj for emacs-devel@gnu.org; Wed, 12 May 2004 06:02:51 -0400 Original-Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.34) id 1BNqZ7-0000Qn-7L for emacs-devel@gnu.org; Wed, 12 May 2004 06:02:48 -0400 Original-Received: from [80.91.224.249] (helo=main.gmane.org) by monty-python.gnu.org with esmtp (Exim 4.34) id 1BNqXV-0000IN-Sv for emacs-devel@gnu.org; Wed, 12 May 2004 06:00:38 -0400 Original-Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 1BNqXO-0007cF-00 for ; Wed, 12 May 2004 12:00:30 +0200 Original-Received: from lumberjack.physik.uni-ulm.de ([134.60.10.173]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 12 May 2004 12:00:30 +0200 Original-Received: from reiner.steib by lumberjack.physik.uni-ulm.de with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Wed, 12 May 2004 12:00:30 +0200 X-Injected-Via-Gmane: http://gmane.org/ Mail-Followup-To: emacs-devel@gnu.org Original-To: emacs-devel@gnu.org Original-Lines: 65 Original-X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: lumberjack.physik.uni-ulm.de Mail-Followup-To: Richard Stallman , emacs-devel@gnu.org X-Face: #vK]N[`vqjuod*|)'[iD7/"3AB-ApT%fmN"LWAg@oS7OesGv~)n[OBTLM#I="J'Y^-7I I/ps7o_'IK@#-Rs{::DZ@O8yS|fexe,XslY[:dNWOb~>?mC-&i_c)say:"\IpA.5U.b]'NY; Pks{lb h.+#6%DpZuaK3dcHB`Av3zc:r!C%~s0&m, tWj]&}, qg.+0ww2gK%f!:GK|wMl.I!(voY*1"^li8"~B BNG)9LvPi?^DMR-GVDnZqhu*3Hi, +g=wFhI)BL6&u{EOVEHjVEVq~d?_}lMntWAc3(6?kftjc>_f>! g0wM(qPM$d5]^TT_Qyi&L?LGVG)SHN;Gk/,pkY9,~ Mail-Copies-To: nobody User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3.50 (gnu/linux) Cancel-Lock: sha1:o8b4zMRsG+5wcFwRfpbs+soDIy8= X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.4 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+emacs-devel=quimby.gnus.org@gnu.org Xref: main.gmane.org gmane.emacs.devel:23229 X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:23229 On Tue, May 11 2004, Paul Jarc wrote: > Reiner Steib <4.uce.03.r.s@nurfuerspam.de> wrote: >> E.g. xdvi is launched as "xdvi -safer %s". > > What if the attachment's filename contains characters that would be > dangerous for the shell? Does Gnus use the filename in the message, > or generate its own? Gnus creates a new temporary directory[1]. The filename is rewritten using `mm-file-name-rewrite-functions'[1,2] in order to avoid dangerous characters. (Cc-ing Jesper Harder, who improved `mm-file-name-rewrite-functions' recently.) I wonder if e.g. »`« and »&« should be removed too. Jesper, could you explain why those are not deleted in `mm-file-name-delete-gotchas'? Testing... Okay, Gnus already seems to do proper quoting: [2. application/postscript; dan`ls`erous.ps] -> »Displaying gv -safer /tmp/ste/emm.11740F6T/dan\`ls\`erous.ps...«. Bye, Reiner. [1] See the function `mm-display-external' in `mm-decode.el': --8<---------------cut here---------------start------------->8--- (let* ((dir (mm-make-temp-file (expand-file-name "emm." mm-tmp-directory) 'dir)) (filename (or (mail-content-type-get (mm-handle-disposition handle) 'filename) (mail-content-type-get (mm-handle-type handle) 'name))) [...] file buffer) ;; We create a private sub-directory where we store our files. (set-file-modes dir 448) (if filename (setq file (expand-file-name (gnus-map-function mm-file-name-rewrite-functions (file-name-nondirectory filename)) dir)) (setq file (mm-make-temp-file (expand-file-name "mm." dir)))) --8<---------------cut here---------------end--------------->8--- [2] ,----[ (info "(emacs-mime)Files and Directories") ] | `mm-file-name-rewrite-functions' | A list of functions used for rewriting file names of MIME parts. | Each function is applied successively to the file name. | Ready-made functions include | | `mm-file-name-delete-control' | Delete all control characters. | | `mm-file-name-delete-gotchas' | Delete characters that could have unintended consequences | when used with flawed shell scripts, i.e. `|', `>' and `<'; | and `-', `.' as the first character. `---- -- ,,, (o o) ---ooO-(_)-Ooo--- PGP key available via WWW http://rsteib.home.pages.de/