* src/procmime.c
authorLuke Plant <L.Plant.98@cantab.net>
Sun, 14 Dec 2003 01:07:03 +0000 (01:07 +0000)
committerLuke Plant <L.Plant.98@cantab.net>
Sun, 14 Dec 2003 01:07:03 +0000 (01:07 +0000)
* src/common/utils.[ch]
o make temporary filename for attachments safe for %p
  substitutions in actions.

src/common/utils.c
src/common/utils.h
src/procmime.c

index d0d02a9..6cb5dca 100644 (file)
@@ -1039,6 +1039,12 @@ void subst_for_filename(gchar *str)
        subst_chars(str, " \t\r\n\"/\\", '_');
 }
 
+void subst_for_shellsafe_filename(gchar *str)
+{
+       subst_for_filename(str);
+       subst_chars(str, "|&;()<>'!{}[]",'_');
+}
+
 gboolean is_header_line(const gchar *str)
 {
        if (str[0] == ':') return FALSE;
index 8f53dc0..b458516 100644 (file)
@@ -280,6 +280,7 @@ void subst_chars                    (gchar          *str,
                                         gchar          *orig,
                                         gchar           subst);
 void subst_for_filename                        (gchar          *str);
+void subst_for_shellsafe_filename      (gchar          *str);
 gboolean is_header_line                        (const gchar    *str);
 gboolean is_ascii_str                  (const guchar   *str);
 gint get_quote_level                   (const gchar    *str,
index 4cad122..8f1a181 100644 (file)
@@ -686,7 +686,7 @@ gchar *procmime_get_tmp_file_name(MimeInfo *mimeinfo)
                base = g_basename(basetmp);
                if (*base == '\0') base = "mimetmp";
                Xstrdup_a(base, base, return NULL);
-               subst_for_filename(base);
+               subst_for_shellsafe_filename(base);
        }
 
        filename = g_strconcat(get_mime_tmp_dir(), G_DIR_SEPARATOR_S,