exceptions to indicate the error condition. Any subsequent calls
into libnotmuch caused segmentation faults.
+Quote MML tags in replies
+
+ MML tags are text codes that Emacs uses to indicate attachments
+ (among other things) in messages being composed. The Emacs
+ interface did not quote MML tags in the quoted text of a reply.
+ User could be tricked into replying to a maliciously formatted
+ message and not editing out the MML tags from the quoted text. This
+ could lead to files from the user's machine being attached to the
+ outgoing message. The Emacs interface now quotes these tags in
+ reply text, so that they do not effect outgoing messages.
+
Notmuch 0.11 (2012-01-13)
=========================
(insert body))
(set-buffer-modified-p nil)
- (message-goto-body))
+ (message-goto-body)
+ ;; Original message may contain (malicious) MML tags. We must
+ ;; properly quote them in the reply. Note that using `point-max'
+ ;; instead of `mark' here is wrong. The buffer may include user's
+ ;; signature which should not be MML-quoted.
+ (mml-quote-region (point) (point-max)))
(defun notmuch-mua-forward-message ()
(message-forward)
test_expect_equal_file OUTPUT EXPECTED
test_begin_subtest "Quote MML tags in reply"
-test_subtest_known_broken
message_id='test-emacs-mml-quoting@message.id'
add_message [id]="$message_id" \
"[subject]='$test_subtest_name'" \
projects / notmuch.git / commitdiff