FREE (&ctx->compress_info);
}
+/**
+ * escape_path - Escapes single quotes in a path for a command string.
+ * @src - the path to escape.
+ *
+ * Returns: a pointer to the escaped string.
+ */
+static char *
+escape_path (char *src)
+{
+ static char dest[HUGE_STRING];
+ char *destp = dest;
+ int destsize = 0;
+
+ if (!src)
+ return NULL;
+
+ while (*src && (destsize < sizeof(dest) - 1))
+ {
+ if (*src != '\'')
+ {
+ *destp++ = *src++;
+ destsize++;
+ }
+ else
+ {
+ /* convert ' into '\'' */
+ if (destsize + 4 < sizeof(dest))
+ {
+ *destp++ = *src++;
+ *destp++ = '\\';
+ *destp++ = '\'';
+ *destp++ = '\'';
+ destsize += 4;
+ }
+ else
+ break;
+ }
+ }
+ *destp = '\0';
+
+ return dest;
+}
+
/**
* cb_format_str - Expand the filenames in the command string
* @dest: Buffer in which to save string
{
case 'f':
/* Compressed file */
- snprintf (dest, destlen, "%s", ctx->realpath);
+ snprintf (dest, destlen, "%s", NONULL (escape_path (ctx->realpath)));
break;
case 't':
/* Plaintext, temporary file */
- snprintf (dest, destlen, "%s", ctx->path);
+ snprintf (dest, destlen, "%s", NONULL (escape_path (ctx->path)));
break;
}
return src;
<para>
The shell-command must contain two placeholders for filenames:
<literal>%f</literal> and <literal>%t</literal>. These represent
- <quote>from</quote> and <quote>to</quote> filenames. It's a good idea to
- put quotes around these placeholders.
+ <quote>from</quote> and <quote>to</quote> filenames. These placeholders
+ should be placed inside single-quotes to prevent unintended shell
+ expansions.
</para>
<para>
</para>
</sect3>
</sect2>
-
- <sect2 id="compress-known-bugs">
- <title>Known Bugs</title>
-
- <itemizedlist>
- <listitem><para>The Compressed Folder hooks cannot deal with filenames that contains quotes/apostrophes.</para></listitem>
- </itemizedlist>
- </sect2>
</sect1>
</chapter>
projects / mutt / commitdiff