[Users] That won't work.
claws at dragony.name
claws at dragony.name
Sun Oct 11 01:31:08 CEST 2020
> Paul wrote:
>
> >One option is to use a Template.
> >
> >e.g.:
> >Right-click a folder
> >choose 'Properties'
> >Go to the Templates page
> >Select the Reply tab
> >Check the box to "Use template when replying to message"
> >In the "From" field put %to
> >Click OK
>
> Perfect! Thanks for a quick solution [virtual hug].
>
Unfortunately that does not work reliably. Imagine you have
To: your at mail.com, another at person.com
You will then put "your at mail.com, another at person.com" into the new from-field, which is not what you want. Fortunately there are many placeholders available, and a wonder-placeholder I have found is |p{tool.pl '%to'}. It executes tool.pl, which can do basically everything, even connect to a mysql database to find out what to correctly output so claws puts the correct sender into the field.
So far it works with every case I have tested.
BUT DON'T USE IT! There is a major security hole by using this exactly the way I have posted.
Imagine someone knows about your little hack and sends you a mail with
To: bad at hacker.com'; rm -rf /* ;'
And your day is ruined...
So... is there a way I can quote the meta-chars of an argument so that %to is safe to append to a shell-script?
If there is not, then just don't yell at me for asking simple questions. I can also give the message-id as an argument and open the temp-file in the cache-dir. Code-bloat inc! Yay!
- Dragony
More information about the Users
mailing list