[Users] That won't work.
Jeremy Nicoll
jn.ml.clwm.729 at letterboxes.org
Tue Oct 13 01:07:08 CEST 2020
On Mon, 12 Oct 2020, at 23:26, Ralf Mardorf via Users wrote:
> Please, explain what are "()" or "{}" for! You are obviously missing
> the forest for the trees, or I'm missing the forest for the trees ;).
The last section of this webpage
https://www.claws-mail.org/faq/index.php/Templates
shows an example:
|p{echo -n `echo '%t%c'|grep -o '[a-zA-Z0-9]*@domain.com'`}
I would expect that the syntax is the one expected/supported by Claws.
> In this particular case, is it Claws executing commands.
I don't know precisely (not least because I know nearly nothing about
linux etc and that page above says this is a linux/unix feature). That is,
I don't know if Claws asks the OS to execute whatever's within the
brackets, or whether it starts a shell and somehow asks that to execute
what is within the brackets.
Does it matter? The problem is that in some circumstances what Claws
places between the brackets can contain commands not in the string.
Eg in the example above, there's clearly echo and grep commands ...
which whoever defines the entire command string would know about.
But if, for a particular email, the values of %t or %c also contain cmds
they could be executed too.
If I were using this mechanism I would want to put the echos and grep
etc inside my own script, and have Claws run the script AND have it
pass encoded versions of %t and %c to the script. The encoding
need be no more than replacing the character string value of each
parm by its hex representation... just something to make sure that
no command separator will be seen by whatever runs the string.
--
Jeremy Nicoll - my opinions are my own.
More information about the Users
mailing list