[Users] That won't work.

claws at dragony.name claws at dragony.name
Sun Oct 11 01:31:08 CEST 2020


> Paul wrote:
> 
> >One option is to use a Template.
> >
> >e.g.:
> >Right-click a folder
> >choose 'Properties'
> >Go to the Templates page
> >Select the Reply tab
> >Check the box to "Use template when replying to message"
> >In the "From" field put %to
> >Click OK  
> 
> Perfect! Thanks for a quick solution [virtual hug].
> 

Unfortunately that does not work reliably. Imagine you have

To: your at mail.com, another at person.com

You will then put "your at mail.com, another at person.com" into the new From field, which is not what you want. Fortunately there are many placeholders available, and a wonder-placeholder I have found is |p{tool.pl '%to'}. It executes tool.pl, which can do basically everything, even connect to a MySQL database to find out what to correctly output so Claws puts the correct sender into the field.

So far it works with every case I have tested.

BUT DON'T USE IT! There is a major security hole in using this exactly the way I have posted.

Imagine someone knows about your little hack and sends you a mail with

To: bad at hacker.com'; rm -rf /* ;'

And your day is ruined...

So... is there a way I can quote the meta-chars of an argument so that %to is safe to append to a shell-script?

If there is not, then just don't yell at me for asking simple questions. I can also give the message-id as an argument and open the temp-file in the cache-dir. Code-bloat inc! Yay!

- Dragony
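
The quoting rule the post asks about, as an added example that is not part of the original message or of Claws Mail: inside single quotes only the quote character itself needs handling, and it is rewritten as '\''. The names shell_quote, run_naive, run_quoted, TOOL and SAMPLE_TO are hypothetical, printf stands in for tool.pl, and the sketch assumes the escaping is applied by whatever builds the command line before a shell parses it, which the page does not say Claws Mail does for %to.

```sh
#!/bin/sh
# shell_quote STRING
# Print STRING as one single-quoted shell word. Inside single quotes the only
# character the shell treats specially is ' itself, so every ' becomes '\''
# (close the quote, emit an escaped quote, reopen the quote).
shell_quote() {
    sq_rest=$1
    sq_out=
    while :; do
        case $sq_rest in
            *\'*)
                sq_out=$sq_out${sq_rest%%\'*}"'\\''"
                sq_rest=${sq_rest#*\'}
                ;;
            *) break ;;
        esac
    done
    printf "'%s'" "$sq_out$sq_rest"
}

# Stand-in for tool.pl (hypothetical): print the first argument it received.
TOOL="printf '%s\n'"

# What the post describes: the header text is pasted between two quotes as-is.
run_naive() {
    sh -c "$TOOL '$1'" 2>/dev/null || :
}

# Same call, but the header text is escaped before the shell parses it.
run_quoted() {
    sh -c "$TOOL $(shell_quote "$1")"
}

# Constructed sample header; the injected command is a harmless echo.
SAMPLE_TO="bad at hacker.com'; echo INJECTED ;'"

# The naive form prints two lines (the second comes from the injected echo);
# the quoted form hands the whole header to the tool as one argument.
printf 'naive : %s\n' "$(run_naive "$SAMPLE_TO")"
printf 'quoted: %s\n' "$(run_quoted "$SAMPLE_TO")"
```
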

