[PATCH] emacs: Quote MML tags in replies

[Austin Clements]

Quoth Pieter Praet on Jan 19 at 11:23 pm:
> On Thu, 19 Jan 2012 13:43:09 -0500, Aaron Ecay <aaronecay at gmail.com> wrote:
> > Emacs message-mode uses certain text strings to indicate how to attach
> > files to outgoing mail.  If these are present in the text of an email,
> > and a user is tricked into replying to the message, the user’s files
> > could be exposed.
> > ---
> > 
> > To demonstrate this, open a reply to this message then remove the
> > exclamation marks after the hash marks below.  Create a file in your
> > home directory called passwd.  Then press C-u M-x mml-preview.  A
> > (possibly base64-encoded) version of your ~/passwd file will replace
> > the following lines:
> > 
> > <#!part type="application/octet-stream" filename="~/passwd"
> > disposition=attachment description=foo>
> > <#!/part>
> > 
> > It works equally well (and more dangerously) with /etc/passwd, but I
> > didn't use that filename here to avoid the danger of someone
> > accidentally attaching their /etc/passwd to a reply in this thread!
> > 
> >  emacs/notmuch-mua.el |    3 ++-
> >  1 files changed, 2 insertions(+), 1 deletions(-)
> > 
> > diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
> > index d8ab822..c25c6b9 100644
> > --- a/emacs/notmuch-mua.el
> > +++ b/emacs/notmuch-mua.el
> > @@ -115,7 +115,8 @@ list."
> >      (push-mark))
> >    (set-buffer-modified-p nil)
> >  
> > -  (message-goto-body))
> > +  (message-goto-body)
> > +  (mml-quote-region (point) (mark)))
> >  
> >  (defun notmuch-mua-forward-message ()
> >    (message-forward)
> 
> Wow, nice catch!  You've just earned yourself a raise!

Indeed.

> An urgent +1 !
> 
> 
> ### OT:
> For some reason, `mml-quote-region' explicitly re-quotes
> already quoted MML tags:
> 
>   "<#!*/?\\(multipart\\|part\\|external\\|mml\\)"
> 
> Why is that ?

Probably so the transformation is invertible, though as far as I can
tell there's no mml-unquote-region.