Return-Path: X-Original-To: notmuch@notmuchmail.org Delivered-To: notmuch@notmuchmail.org Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id AE10A4196F0 for ; Fri, 28 May 2010 17:02:45 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: 0.8 X-Spam-Level: X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8] autolearn=ham Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id duDkWGmGuBXk for ; Fri, 28 May 2010 17:02:35 -0700 (PDT) X-Greylist: delayed 425 seconds by postgrey-1.32 at olra; Fri, 28 May 2010 17:02:35 PDT Received: from contrapunctus.net (contrapunctus.net [207.210.219.173]) by olra.theworths.org (Postfix) with ESMTP id 3153A431FC1 for ; Fri, 28 May 2010 17:02:35 -0700 (PDT) Received: from ansible (unknown [96.239.99.202]) by contrapunctus.net (Postfix) with ESMTPSA id C614B9456 for ; Fri, 28 May 2010 19:55:27 -0400 (EDT) From: Christopher League To: notmuch@notmuchmail.org Subject: [PATCH] quoting message-IDs for the shell User-Agent: Notmuch/0.3.1-17-gc50524e (http://notmuchmail.org) Emacs/23.1.1 (i486-pc-linux-gnu) Date: Fri, 28 May 2010 19:55:25 -0400 Message-ID: <87bpbztwcy.fsf@contrapunctus.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 29 May 2010 00:02:45 -0000 Hello all, I'm new to notmuch and having fun so far, although it has some rough edges! I hope I can help polish some things, but please be kind if I make any missteps as I begin to engage with this community! One thing I noticed is that sometimes the tag removal would fail and messages would stay in my inbox after I had supposedly read and archived them. It turned out that these messages had dollar signs in the message IDs, causing them to be interpreted strangely by the shell! So below is a small patch that quotes message IDs when adding and removing tags. I looked for a lower-level place to do more systematic quoting, but I thought it would be more likely to break things. There is code for quoting search-terms already. It occurs to me that since Message-IDs are external data, and we're passing them to the shell, this could be an EXTREMELY dangerous security hole.. but I won't be the one to craft an email to this list with some ";rm -rf /;" component in the Message-ID... Best, Chris --- emacs/notmuch-show.el | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/emacs/notmuch-show.el b/emacs/notmuch-show.el index 4b1baf3..a0a390f 100644 --- a/emacs/notmuch-show.el +++ b/emacs/notmuch-show.el @@ -721,6 +721,10 @@ All currently available key bindings: "Return the message id of the current message." (concat "id:" (notmuch-show-get-prop :id))) +(defun notmuch-show-quoted-message-id () + "Return the message id of the current message, quoted for shell." + (shell-quote-argument (notmuch-show-get-message-id))) + ;; dme: Would it make sense to use a macro for many of these? (defun notmuch-show-get-filename () @@ -915,7 +919,7 @@ to stdout or stderr will appear in the *Messages* buffer." (apply 'notmuch-call-notmuch-process (append (cons "tag" (mapcar (lambda (s) (concat "+" s)) toadd)) - (cons (notmuch-show-get-message-id) nil))) + (cons (notmuch-show-quoted-message-id) nil))) (notmuch-show-set-tags (sort (union toadd (notmuch-show-get-tags) :test 'string=) 'string<))) (defun notmuch-show-remove-tag (&rest toremove) @@ -929,7 +933,7 @@ to stdout or stderr will appear in the *Messages* buffer." (apply 'notmuch-call-notmuch-process (append (cons "tag" (mapcar (lambda (s) (concat "-" s)) toremove)) - (cons (notmuch-show-get-message-id) nil))) + (cons (notmuch-show-quoted-message-id) nil))) (notmuch-show-set-tags (sort (set-difference tags toremove :test 'string=) 'string<)))))) (defun notmuch-show-toggle-headers () -- 1.7.0.4