From: David Levine Date: Thu, 20 Feb 2014 00:57:29 +0000 (-0600) Subject: Refined commit ed3214f1518b36c8b96a1a17be4af0a708ea25e3 to only X-Git-Url: https://diplodocus.org/git/nmh/commitdiff_plain/3fb033ebd9f503b650912aa50ea78cb9b4b77bc2?ds=inline;hp=7559e1ebf6b24d9a4fe0937b0d25b3adb36d64df Refined commit ed3214f1518b36c8b96a1a17be4af0a708ea25e3 to only accept single quotes wrapping %f and %F display escapes. --- diff --git a/man/mhshow.man b/man/mhshow.man index d25e6ebc..40304b09 100644 --- a/man/mhshow.man +++ b/man/mhshow.man @@ -319,8 +319,8 @@ mhshow-show-application/PostScript: lpr -Pps .fi .RE .PP -If an f- or F-escape is not quoted with single quotes, double quotes, -or backticks, its expansion will be wrapped with single quotes. +If an f- or F-escape is not quoted with single quotes, its expansion +will be wrapped with single quotes. .PP Finally, .B mhshow diff --git a/uip/mhshowsbr.c b/uip/mhshowsbr.c index a4a2029f..bd44c859 100644 --- a/uip/mhshowsbr.c +++ b/uip/mhshowsbr.c @@ -842,13 +842,22 @@ parse_display_string (CT ct, char *cp, int *xstdin, int *xlist, int *xpause, for (part = m->mp_parts; part; part = part->mp_next) { p = part->mp_part; - /* Don't quote filename if it's already quoted. Assume - it's quoted if previous character was a quote. */ - if (p->c_storage && (*(p->c_storage-1) == '\'' || - *(p->c_storage-1) == '"' || - *(p->c_storage-1) == '`')) { + /* Don't quote filename if it's already quoted. */ + if (p->c_storage && *(p->c_storage-1) == '\'') { + /* If there isn't a matching close quote, bail + out. */ + if (*(cp+1) != '\'') { + adios(NULL, "%%f/%%F not properly escaped: " + "%s%s\n", + buffer, cp); + } snprintf (bp, buflen, "%s%s", s, p->c_storage); } else { + if (*(cp+1) != '\0' && *(cp+1) == '\'') { + adios(NULL, "%%f/%%F not properly escaped: " + "%s%s\n", + buffer, cp); + } snprintf (bp, buflen, "%s'%s'", s, p->c_storage); } @@ -859,12 +868,20 @@ parse_display_string (CT ct, char *cp, int *xstdin, int *xlist, int *xpause, } } else { /* insert filename containing content */ - if (bp > buffer && - (*(bp-1) == '\'' || *(bp-1) == '"' || *(bp-1) == '`')) { - /* Don't quote filename if it's already quoted. Assume - it's quoted if previous character was a quote. */ + if (bp > buffer && *(bp-1) == '\'') { + /* Don't quote filename if it's already quoted. */ + /* If there isn't a matching close quote, bail + out. */ + if (*(cp+1) != '\'') { + adios(NULL, "%%f/%%F not properly escaped: %s%s\n", + buffer, cp); + } snprintf (bp, buflen, "%s", file); } else { + if (*(cp+1) != '\0' && *(cp+1) == '\'') { + adios(NULL, "%%f/%%F not properly escaped: %s%s\n", + buffer, cp); + } snprintf (bp, buflen, "'%s'", file); } @@ -873,6 +890,24 @@ parse_display_string (CT ct, char *cp, int *xstdin, int *xlist, int *xpause, * logic below. (I know, I should figure out what's * broken with the quoting logic, but..) */ + /* + * Here's the email that submitted the patch with + * the comment above: + * https://www.mail-archive.com/nmh-workers@mhost.com/ + * msg00288.html + * I can't tell from that exactly what was broken, + * beyond misquoting of the filename. The profile + * had appearances of %F both with and without quotes. + * The unquoted ones should have been quoted by the + * code below. + * The fix was to always quote the filename. But + * that broke '%F' because it expanded to ''filename''. + * That's why I added the condition above to not + * quote if the escape was wrapped with single + * quotes. It would be (much) better to rely on + * the quoting code below, but until I understand + * what is wrong with it, I won't do that. + */ len = strlen(bp); bp += len; buflen -= len;