[PATCH] emacs: Quote MML tags in replies
Austin Clements
amdragon at MIT.EDU
Thu Jan 19 14:48:42 PST 2012
LGTM and I think it could go in despite my two comments below.
Quoth Aaron Ecay on Jan 19 at 1:43 pm:
> Emacs message-mode uses certain text strings to indicate how to attach
> files to outgoing mail. If these are present in the text of an email,
> and a user is tricked into replying to the message, the user’s files
> could be exposed.
> ---
>
> To demonstrate this, open a reply to this message then remove the
> exclamation marks after the hash marks below. Create a file in your
> home directory called passwd. Then press C-u M-x mml-preview. A
> (possibly base64-encoded) version of your ~/passwd file will replace
> the following lines:
>
> <#!part type="application/octet-stream" filename="~/passwd"
> disposition=attachment description=foo>
> <#!/part>
>
> It works equally well (and more dangerously) with /etc/passwd, but I
> didn't use that filename here to avoid the danger of someone
> accidentally attaching their /etc/passwd to a reply in this thread!
>
> emacs/notmuch-mua.el | 3 ++-
> 1 files changed, 2 insertions(+), 1 deletions(-)
>
> diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
> index d8ab822..c25c6b9 100644
> --- a/emacs/notmuch-mua.el
> +++ b/emacs/notmuch-mua.el
> @@ -115,7 +115,8 @@ list."
> (push-mark))
> (set-buffer-modified-p nil)
>
> - (message-goto-body))
> + (message-goto-body)
> + (mml-quote-region (point) (mark)))
Did you consider using point-max instead of mark? IIRC, that mark was
very recently introduced which, perhaps irrationally, makes it seem
less future-proof to me.
>
> (defun notmuch-mua-forward-message ()
> (message-forward)
Speaking of future-proofing, it would be good to have a test.
More information about the notmuch
mailing list