Make sure mailcap test %s is sanitized

It's not clear to me if %s is allowed as part of a test field.
However since we are passing the attachment filename, we should
sanitize it first.

Co-authored-by: Richard Russon <rich@flatcap.org>

diff --git a/rfc1524.c b/rfc1524.c
index 0860c3bf6cb0cf636b89391517e6397170f955ed..387c519d1fd2371875dccaf121d20130f7089269 100644 (file)
--- a/rfc1524.c
+++ b/rfc1524.c
@@ -353,8 +353,13 @@ static bool rfc1524_mailcap_parse(struct Body *a, char *filename, char *type,
           if (get_field_text(field + plen, &test_command, type, filename, line) && test_command)
           {
             struct Buffer *command = mutt_buffer_pool_get();
+            struct Buffer *afilename = mutt_buffer_pool_get();
             mutt_buffer_strcpy(command, test_command);
-            mutt_rfc1524_expand_command(a, a->filename, type, command);
+            if (C_MailcapSanitize)
+              mutt_buffer_sanitize_filename(afilename, NONULL(a->filename), true);
+            else
+              mutt_buffer_strcpy(afilename, NONULL(a->filename));
+            mutt_rfc1524_expand_command(a, mutt_b2s(afilename), type, command);
             if (mutt_system(mutt_b2s(command)))
             {
               /* a non-zero exit code means test failed */
@@ -362,6 +367,7 @@ static bool rfc1524_mailcap_parse(struct Body *a, char *filename, char *type,
             }
             FREE(&test_command);
             mutt_buffer_pool_release(&command);
+            mutt_buffer_pool_release(&afilename);
           }
         }
         else if (mutt_str_startswith(field, "x-neomutt-keep", CASE_IGNORE))