Re: [PATCH] Fix mml-quoting in responses where pgp-signing is enabled

Tim Bielawa tbielawa at redhat.com
Sat Mar 3 15:54:55 PST 2012 

Great point, I considered that too after I authored the original patch. It's a better approach I think. I'll try and give it a test run later tonight.


-----Original Message-----
From: Jani Nikula [jani at nikula.org]
Received: Saturday, 03 Mar 2012, 6:36pm
To: Tim Bielawa [tbielawa at redhat.com]; notmuch at notmuchmail.org
Subject: Re: [PATCH] Fix mml-quoting in responses where pgp-signing is enabled


On Sat,  3 Mar 2012 17:04:22 -0500, Tim Bielawa <tbielawa at redhat.com> wrote:
> The addition of mml-quote-region (notmuch-mua.el) in 2c6710e3 breaks
> automatic signing in replies. When replies are mml-quoted and signing
> is enabled by default the "<#part sign=pgpmime>" string will appear on
> line 1. This will be consumed during the application of the
> mml-quote-region function and transform into the inert string
> "<#!part sign=pgpmime>". The result is that responses will no longer
> be signed by default.
> 
> This fix moves the point forward one line before applying the quoting
> function.
> 
> Consideration: Clients not signing mail by default. The first line of
> their responses would be skipped when the quoting function is
> applied. This string takes this general form:
> 
>     On Sat, 03 Mar 2012 12:55:14 -0800, notmuch-request at notmuchmail.org wrote:
> 
> Because the string is generated by notmuch I don't believe this fix
> introduces the possibility for malicious mml commands being omitted
> from the quoting.

Hmm, would it work to mml quote the reply *before* extracting it from
the temp buffer, like below? It would handle not mml quoting the user's
signature too. Completely untested...

BR,
Jani.


diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index 4be7c13..13244eb 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -95,6 +95,9 @@ list."
 	      (goto-char (point-min))
 	      (setq headers (mail-header-extract)))))
       (forward-line 1)
+      ;; Original message may contain (malicious) MML tags. We must
+      ;; properly quote them in the reply.
+      (mml-quote-region (point) (point-max))
       (setq body (buffer-substring (point) (point-max))))
     ;; If sender is non-nil, set the From: header to its value.
     (when sender
@@ -116,12 +119,7 @@ list."
     (push-mark))
   (set-buffer-modified-p nil)
 
-  (message-goto-body)
-  ;; Original message may contain (malicious) MML tags.  We must
-  ;; properly quote them in the reply.  Note that using `point-max'
-  ;; instead of `mark' here is wrong.  The buffer may include user's
-  ;; signature which should not be MML-quoted.
-  (mml-quote-region (point) (mark)))
+  (message-goto-body))
 
 (defun notmuch-mua-forward-message ()
   (message-forward)

More information about the notmuch mailing list