From 86b034ff4a6d360f47e93efae4d548bec0862f40 Mon Sep 17 00:00:00 2001 From: Pieter Praet Date: Thu, 19 Jan 2012 23:23:29 +0100 Subject: [PATCH] Re: [PATCH] emacs: Quote MML tags in replies --- 87/8e205d8532dbfce997e02378aacc5a67e7bf41 | 120 ++++++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 87/8e205d8532dbfce997e02378aacc5a67e7bf41 diff --git a/87/8e205d8532dbfce997e02378aacc5a67e7bf41 b/87/8e205d8532dbfce997e02378aacc5a67e7bf41 new file mode 100644 index 000000000..66780fccf --- /dev/null +++ b/87/8e205d8532dbfce997e02378aacc5a67e7bf41 @@ -0,0 +1,120 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id A52B6431FAF + for ; Thu, 19 Jan 2012 14:25:23 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: -0.7 +X-Spam-Level: +X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5 + tests=[RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id OyGS15imj5SI for ; + Thu, 19 Jan 2012 14:25:23 -0800 (PST) +Received: from mail-ww0-f45.google.com (mail-ww0-f45.google.com + [74.125.82.45]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client + certificate requested) by olra.theworths.org (Postfix) with ESMTPS id + D6B36431FAE for ; Thu, 19 Jan 2012 14:25:22 -0800 + (PST) +Received: by wgbdt12 with SMTP id dt12so447008wgb.2 + for ; Thu, 19 Jan 2012 14:25:20 -0800 (PST) +Received: by 10.180.93.132 with SMTP id cu4mr42157627wib.9.1327011920213; + Thu, 19 Jan 2012 14:25:20 -0800 (PST) +Received: from localhost ([109.131.97.13]) + by mx.google.com with ESMTPS id gy6sm30423674wib.11.2012.01.19.14.25.19 + (version=TLSv1/SSLv3 cipher=OTHER); + Thu, 19 Jan 2012 14:25:19 -0800 (PST) +From: Pieter Praet +To: Aaron Ecay , notmuch@notmuchmail.org +Subject: Re: [PATCH] emacs: Quote MML tags in replies +In-Reply-To: <1326998589-37187-1-git-send-email-aaronecay@gmail.com> +References: <1326998589-37187-1-git-send-email-aaronecay@gmail.com> +User-Agent: Notmuch/0.11+99~gab86e73 (http://notmuchmail.org) Emacs/23.3.1 + (x86_64-unknown-linux-gnu) +Date: Thu, 19 Jan 2012 23:23:29 +0100 +Message-ID: <87wr8nuyam.fsf@praet.org> +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf-8 +Content-Transfer-Encoding: quoted-printable +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Thu, 19 Jan 2012 22:25:23 -0000 + +On Thu, 19 Jan 2012 13:43:09 -0500, Aaron Ecay wrote: +> Emacs message-mode uses certain text strings to indicate how to attach +> files to outgoing mail. If these are present in the text of an email, +> and a user is tricked into replying to the message, the user=E2=80=99s fi= +les +> could be exposed. +> --- +>=20 +> To demonstrate this, open a reply to this message then remove the +> exclamation marks after the hash marks below. Create a file in your +> home directory called passwd. Then press C-u M-x mml-preview. A +> (possibly base64-encoded) version of your ~/passwd file will replace +> the following lines: +>=20 +> <#!part type=3D"application/octet-stream" filename=3D"~/passwd" +> disposition=3Dattachment description=3Dfoo> +> <#!/part> +>=20 +> It works equally well (and more dangerously) with /etc/passwd, but I +> didn't use that filename here to avoid the danger of someone +> accidentally attaching their /etc/passwd to a reply in this thread! +>=20 +> emacs/notmuch-mua.el | 3 ++- +> 1 files changed, 2 insertions(+), 1 deletions(-) +>=20 +> diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el +> index d8ab822..c25c6b9 100644 +> --- a/emacs/notmuch-mua.el +> +++ b/emacs/notmuch-mua.el +> @@ -115,7 +115,8 @@ list." +> (push-mark)) +> (set-buffer-modified-p nil) +>=20=20 +> - (message-goto-body)) +> + (message-goto-body) +> + (mml-quote-region (point) (mark))) +>=20=20 +> (defun notmuch-mua-forward-message () +> (message-forward) +> --=20 +> 1.7.8.3 +>=20 +> _______________________________________________ +> notmuch mailing list +> notmuch@notmuchmail.org +> http://notmuchmail.org/mailman/listinfo/notmuch + +Wow, nice catch! You've just earned yourself a raise! + +An urgent +1 ! + + +### OT: +For some reason, `mml-quote-region' explicitly re-quotes +already quoted MML tags: + + "<#!*/?\\(multipart\\|part\\|external\\|mml\\)" + +Why is that ? + + +Peace + +--=20 +Pieter -- 2.26.2