[PATCH] Fix mml-quoting in responses where pgp-signing is enabled
Tim Bielawa
tbielawa at redhat.com
Sat Mar 3 17:12:12 PST 2012
On Sun, 04 Mar 2012 01:36:29 +0200, Jani Nikula <jani at nikula.org> wrote:
> On Sat, 3 Mar 2012 17:04:22 -0500, Tim Bielawa <tbielawa at redhat.com> wrote:
> > The addition of mml-quote-region (notmuch-mua.el) in 2c6710e3 breaks
> > automatic signing in replies. When replies are mml-quoted and signing
> > is enabled by default the "<#part sign=pgpmime>" string will appear on
> > line 1. This will be consumed during the application of the
> > mml-quote-region function and transform into the inert string
> > "<#!part sign=pgpmime>". The result is that responses will no longer
> > be signed by default.
> >
> > This fix moves the point forward one line before applying the quoting
> > function.
> >
> > Consideration: Clients not signing mail by default. The first line of
> > their responses would be skipped when the quoting function is
> > applied. This string takes this general form:
> >
> > On Sat, 03 Mar 2012 12:55:14 -0800, notmuch-request at notmuchmail.org wrote:
> >
> > Because the string is generated by notmuch I don't believe this fix
> > introduces the possibility for malicious mml commands being omitted
> > from the quoting.
>
> Hmm, would it work to mml quote the reply *before* extracting it from
> the temp buffer, like below? It would handle not mml quoting the user's
> signature too. Completely untested...
>
> BR,
> Jani.
>
>
> diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
> index 4be7c13..13244eb 100644
> --- a/emacs/notmuch-mua.el
> +++ b/emacs/notmuch-mua.el
> @@ -95,6 +95,9 @@ list."
> (goto-char (point-min))
> (setq headers (mail-header-extract)))))
> (forward-line 1)
> + ;; Original message may contain (malicious) MML tags. We must
> + ;; properly quote them in the reply.
> + (mml-quote-region (point) (point-max))
> (setq body (buffer-substring (point) (point-max))))
> ;; If sender is non-nil, set the From: header to its value.
> (when sender
> @@ -116,12 +119,7 @@ list."
> (push-mark))
> (set-buffer-modified-p nil)
>
> - (message-goto-body)
> - ;; Original message may contain (malicious) MML tags. We must
> - ;; properly quote them in the reply. Note that using `point-max'
> - ;; instead of `mark' here is wrong. The buffer may include user's
> - ;; signature which should not be MML-quoted.
> - (mml-quote-region (point) (mark)))
> + (message-goto-body))
>
> (defun notmuch-mua-forward-message ()
> (message-forward)
Works great. Passes unit tests. Definitely a better approach than the
original patch.
> Notmuch test suite complete.
> All 381 tests behaved as expected (2 expected failures).
+1 from me (this message replied to and signed using the new patch)
--
Tim Bielawa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 162 bytes
Desc: not available
URL: <http://notmuchmail.org/pipermail/notmuch/attachments/20120303/bb4be939/attachment.pgp>
More information about the notmuch
mailing list