On Thu, Apr 01, 2010 at 09:59:37AM -0700, Michael Elkins wrote: > On Thu, Apr 01, 2010 at 05:30:26PM +0200, Simon Ruderich wrote: >> This patch improves the description of $query_format to mention >> that no quotes shouldn't be used around %s. > > I reworked that section to be more clear: > > This specifies the command Mutt will use to make external address > queries. The string may contain a â%sâ, which will be substituted with > the query string the user types. Mutt will add quotes around the string > substituted for â%sâ automatically according to shell quoting rules, so > you should avoid adding your own. If no â%sâ is found in the string, > Mutt will append the user's query to the end of the string. See âqueryâ > for more information. Thanks. > I would not consider it a security issue, however. $query_command is > only ever expanded using a string the Mutt user types in, not any data > received externally. I run it sometimes on a email from another user (for example in the send menu) to fix their name if they forgot to add it. But you're right, that's not really a security problem. >> I'm not sure what $query is, so I left it unchanged. > > It's a reference to the "External Address Queries" section in the > manual (aka http://www.mutt.org/doc/devel/manual.html#query). > > me Thanks for your quick reply. Simon -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9
Attachment:
pgpXGk7QPAHGF.pgp
Description: PGP signature