nmh-workers

Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7

2018-01-14 22:03:13
...but my experience working with /bin/sh in other matters over the years
suggests that the safest thing to do is always to quote shell metacharacters
you aren't deliberately intending to interpret.

Right, but think about what is happening here.  We are passing this
arbitrary text to a user-controlled command line which might possibly be
in their .mh_profile.  Is %{name} surrounded by double quotes?  By single
quotes?  By any quotes at all?  Different quoting rules for each!  I think
trying to intuit the right quoting rules is nearly impossible.  I suppose
we could in theory see if %{xxx} is quoted, but it might be part of some
other quoted string, e.g.: "Now displaying %{name}" or whatever.  It just
seems like any solution here is going to be super-fragile and we're going
to run into someone where it doesn't work for them.

That's why I am thinking that for THIS case, anything that ends up as
a shell metacharacter should be stripped out.  Or ... we decide on a
very specific set of interface rules and document them completely.

--Ken

-- 
Nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers
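
The fragility described in the message above, as an added example that is not nmh code and not part of the original thread: one fixed escaping rule is applied to a constructed value and substituted into a `%{name}` template written unquoted, double-quoted and single-quoted, next to the strip-the-metacharacters alternative. The `show` command, the function names, the allowlist and the sample value are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration, not nmh code. Names, templates, the allowlist and the
# sample value are all constructed for this example.
PH='%{name}'                          # placeholder as written in a profile entry
SAMPLE="my file's \"draft\".txt"      # constructed attachment name

# expand TEMPLATE VALUE: purely textual substitution of the first %{name}
expand() {
    case $1 in
        *"$PH"*) pre=${1%%"$PH"*}; post=${1#*"$PH"}
                 printf '%s%s%s' "$pre" "$2" "$post" ;;
        *)       printf '%s' "$1" ;;
    esac
}

# backslash_escape VALUE: "quote every metacharacter" with one fixed rule
backslash_escape() {
    printf '%s\n' "$1" | sed 's|[^A-Za-z0-9._/-]|\\&|g'
}

# strip_meta VALUE: drop every byte outside a conservative allowlist
strip_meta() {
    printf '%s' "$1" | LC_ALL=C tr -cd 'A-Za-z0-9._/-'
}

# run_template TEMPLATE VALUE: expand, pass to sh -c, and report what the
# command received as "<argc>:<argv1>", or "error" if the shell rejected it
run_template() {
    cmd=$(expand "$1" "$2")
    sh -c "show() { printf '%s:%s' \"\$#\" \"\$1\"; }
$cmd" 2>/dev/null || printf 'error'
}

# The same value under each strategy, in three quoting contexts
for tpl in 'show %{name}' 'show "%{name}"' "show '%{name}'"; do
    printf '%-16s escaped=[%s] stripped=[%s]\n' "$tpl" \
        "$(run_template "$tpl" "$(backslash_escape "$SAMPLE")")" \
        "$(run_template "$tpl" "$(strip_meta "$SAMPLE")")"
done
```

The escaped value survives only in the unquoted template; the stripped value arrives as the same single argument in all three, at the cost of no longer matching the original name.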
