On Thu, Apr 01, 2010 at 05:30:26PM +0200, Simon Ruderich wrote:
> This patch improves the description of $query_format to mention
> that no quotes shouldn't be used around %s.
I reworked that section to be more clear:
This specifies the command Mutt will use to make external address
queries. The string may contain a â%sâ, which will be substituted with
the query string the user types. Mutt will add quotes around the string
substituted for â%sâ automatically according to shell quoting rules, so
you should avoid adding your own. If no â%sâ is found in the string,
Mutt will append the user's query to the end of the string. See âqueryâ
for more information.
I would not consider it a security issue, however. $query_command is
only ever expanded using a string the Mutt user types in, not any data
received externally.
> I'm not sure what $query is, so I left it unchanged.
It's a reference to the "External Address Queries" section in the
manual (aka http://www.mutt.org/doc/devel/manual.html#query).
me
Attachment:
pgpjkjv3wdZin.pgp
Description: PGP signature