--- /dev/null
+Return-Path: <league@contrapunctus.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by olra.theworths.org (Postfix) with ESMTP id AE10A4196F0\r
+ for <notmuch@notmuchmail.org>; Fri, 28 May 2010 17:02:45 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 0.8\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8]\r
+ autolearn=ham\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+ by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id duDkWGmGuBXk for <notmuch@notmuchmail.org>;\r
+ Fri, 28 May 2010 17:02:35 -0700 (PDT)\r
+X-Greylist: delayed 425 seconds by postgrey-1.32 at olra;\r
+ Fri, 28 May 2010 17:02:35 PDT\r
+Received: from contrapunctus.net (contrapunctus.net [207.210.219.173])\r
+ by olra.theworths.org (Postfix) with ESMTP id 3153A431FC1\r
+ for <notmuch@notmuchmail.org>; Fri, 28 May 2010 17:02:35 -0700 (PDT)\r
+Received: from ansible (unknown [96.239.99.202])\r
+ by contrapunctus.net (Postfix) with ESMTPSA id C614B9456\r
+ for <notmuch@notmuchmail.org>; Fri, 28 May 2010 19:55:27 -0400 (EDT)\r
+From: Christopher League <league@contrapunctus.net>\r
+To: notmuch@notmuchmail.org\r
+Subject: [PATCH] quoting message-IDs for the shell\r
+User-Agent: Notmuch/0.3.1-17-gc50524e (http://notmuchmail.org) Emacs/23.1.1\r
+ (i486-pc-linux-gnu)\r
+Date: Fri, 28 May 2010 19:55:25 -0400\r
+Message-ID: <87bpbztwcy.fsf@contrapunctus.net>\r
+MIME-Version: 1.0\r
+Content-Type: text/plain; charset=us-ascii\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Sat, 29 May 2010 00:02:45 -0000\r
+\r
+Hello all, I'm new to notmuch and having fun so far, although it has\r
+some rough edges! I hope I can help polish some things, but please be\r
+kind if I make any missteps as I begin to engage with this community!\r
+\r
+One thing I noticed is that sometimes the tag removal would fail and\r
+messages would stay in my inbox after I had supposedly read and archived\r
+them. It turned out that these messages had dollar signs in the message\r
+IDs, causing them to be interpreted strangely by the shell!\r
+\r
+So below is a small patch that quotes message IDs when adding and\r
+removing tags. I looked for a lower-level place to do more systematic\r
+quoting, but I thought it would be more likely to break things. There is\r
+code for quoting search-terms already.\r
+\r
+It occurs to me that since Message-IDs are external data, and we're\r
+passing them to the shell, this could be an EXTREMELY dangerous security\r
+hole.. but I won't be the one to craft an email to this list with some\r
+";rm -rf /;" component in the Message-ID...\r
+\r
+Best,\r
+Chris\r
+\r
+---\r
+ emacs/notmuch-show.el | 8 ++++++--\r
+ 1 files changed, 6 insertions(+), 2 deletions(-)\r
+\r
+diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el\r
+index 4b1baf3..a0a390f 100644\r
+--- a/emacs/notmuch-show.el\r
++++ b/emacs/notmuch-show.el\r
+@@ -721,6 +721,10 @@ All currently available key bindings:\r
+ "Return the message id of the current message."\r
+ (concat "id:" (notmuch-show-get-prop :id)))\r
+ \r
++(defun notmuch-show-quoted-message-id ()\r
++ "Return the message id of the current message, quoted for shell."\r
++ (shell-quote-argument (notmuch-show-get-message-id)))\r
++\r
+ ;; dme: Would it make sense to use a macro for many of these?\r
+ \r
+ (defun notmuch-show-get-filename ()\r
+@@ -915,7 +919,7 @@ to stdout or stderr will appear in the *Messages* buffer."\r
+ (apply 'notmuch-call-notmuch-process\r
+ (append (cons "tag"\r
+ (mapcar (lambda (s) (concat "+" s)) toadd))\r
+- (cons (notmuch-show-get-message-id) nil)))\r
++ (cons (notmuch-show-quoted-message-id) nil)))\r
+ (notmuch-show-set-tags (sort (union toadd (notmuch-show-get-tags) :test 'string=) 'string<)))\r
+ \r
+ (defun notmuch-show-remove-tag (&rest toremove)\r
+@@ -929,7 +933,7 @@ to stdout or stderr will appear in the *Messages* buffer."\r
+ (apply 'notmuch-call-notmuch-process\r
+ (append (cons "tag"\r
+ (mapcar (lambda (s) (concat "-" s)) toremove))\r
+- (cons (notmuch-show-get-message-id) nil)))\r
++ (cons (notmuch-show-quoted-message-id) nil)))\r
+ (notmuch-show-set-tags (sort (set-difference tags toremove :test 'string=) 'string<))))))\r
+ \r
+ (defun notmuch-show-toggle-headers ()\r
+-- \r
+1.7.0.4\r
+\r
projects / notmuch-archives.git / commitdiff