for (part = m->mp_parts; part; part = part->mp_next) {
p = part->mp_part;
- /* Don't quote filename if it's already quoted. Assume
- it's quoted if previous character was a quote. */
- if (p->c_storage && (*(p->c_storage-1) == '\'' ||
- *(p->c_storage-1) == '"' ||
- *(p->c_storage-1) == '`')) {
+ /* Don't quote filename if it's already quoted. */
+ if (p->c_storage && *(p->c_storage-1) == '\'') {
+ /* If there isn't a matching close quote, bail
+ out. */
+ if (*(cp+1) != '\'') {
+ adios(NULL, "%%f/%%F not properly escaped: "
+ "%s%s\n",
+ buffer, cp);
+ }
snprintf (bp, buflen, "%s%s", s, p->c_storage);
} else {
+ if (*(cp+1) != '\0' && *(cp+1) == '\'') {
+ adios(NULL, "%%f/%%F not properly escaped: "
+ "%s%s\n",
+ buffer, cp);
+ }
snprintf (bp, buflen, "%s'%s'", s, p->c_storage);
}
}
} else {
/* insert filename containing content */
- if (bp > buffer &&
- (*(bp-1) == '\'' || *(bp-1) == '"' || *(bp-1) == '`')) {
- /* Don't quote filename if it's already quoted. Assume
- it's quoted if previous character was a quote. */
+ if (bp > buffer && *(bp-1) == '\'') {
+ /* Don't quote filename if it's already quoted. */
+ /* If there isn't a matching close quote, bail
+ out. */
+ if (*(cp+1) != '\'') {
+ adios(NULL, "%%f/%%F not properly escaped: %s%s\n",
+ buffer, cp);
+ }
snprintf (bp, buflen, "%s", file);
} else {
+ if (*(cp+1) != '\0' && *(cp+1) == '\'') {
+ adios(NULL, "%%f/%%F not properly escaped: %s%s\n",
+ buffer, cp);
+ }
snprintf (bp, buflen, "'%s'", file);
}
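Review bot: In the multipart loop the already-quoted test still reads `*(p->c_storage-1)`, the byte before the stored filename, which lies outside that string and says nothing about whether the escape in the command template was preceded by a quote. The single-file branch below inspects the output buffer instead, so the loop should probably do the same, `if (bp > buffer && *(bp-1) == '\'') {`, with the separator `s` taken into account for parts after the first. In both else branches `*(cp+1) != '\0' &&` is redundant next to `*(cp+1) == '\''` and can be dropped. Wrapping the name as `'%s'` also assumes the name itself holds no single quote; the hunk does not show where `file` and `p->c_storage` come from, so that is worth confirming before relying on it for shell safety. The enclosing function starts and ends outside the hunk.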
* logic below. (I know, I should figure out what's
* broken with the quoting logic, but..)
*/
+ /*
+ * Here's the email that submitted the patch with
+ * the comment above:
+ * https://www.mail-archive.com/nmh-workers@mhost.com/
+ * msg00288.html
+ * I can't tell from that exactly what was broken,
+ * beyond misquoting of the filename. The profile
+ * had appearances of %F both with and without quotes.
+ * The unquoted ones should have been quoted by the
+ * code below.
+ * The fix was to always quote the filename. But
+ * that broke '%F' because it expanded to ''filename''.
+ * That's why I added the condition above to not
+ * quote if the escape was wrapped with single
+ * quotes. It would be (much) better to rely on
+ * the quoting code below, but until I understand
+ * what is wrong with it, I won't do that.
+ */
len = strlen(bp);
bp += len;
buflen -= len;
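Review bot: The archive URL in the added comment is split across two lines (`https://www.mail-archive.com/nmh-workers@mhost.com/` and `msg00288.html`), so it cannot be copied or found by searching for the full address; keeping it on one line, even past the usual column limit, would be better. Because the comment records that the quoting code below is not yet understood, it would also help to state what the interim rule guarantees, for example `/* Interim rule: %f/%F is left bare only inside '...'; otherwise it is wrapped in single quotes. */`. The enclosing comment and function begin outside the hunk.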