GNU bug report logs - #16984
dired-do-rename susceptible to .../~/... hijack

Previous Next

Package: emacs;

Reported by: 積丹尼 Dan Jacobson <jidanni <at> jidanni.org>

Date: Mon, 10 Mar 2014 22:57:02 UTC

Severity: minor

Tags: confirmed, fixed, patch

Found in version 25.1

Fixed in version 26.1

Done: npostavs <at> users.sourceforge.net

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: npostavs <at> users.sourceforge.net
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: michael.albinus <at> gmx.de, 16984 <at> debbugs.gnu.org, jidanni <at> jidanni.org
Subject: bug#16984: dired-do-rename susceptible to .../~/... hijack
Date: Thu, 08 Dec 2016 23:56:43 -0500

[Message part 1 (text/plain, inline)]
Eli Zaretskii <eliz <at> gnu.org> writes:

>> From: npostavs <at> users.sourceforge.net
>> Cc: 16984 <at> debbugs.gnu.org,  Eli Zaretskii <eliz <at> gnu.org>,  jidanni <at> jidanni.org
>> Date: Thu, 08 Dec 2016 09:39:35 -0500
>> 
>>     (defun minibuffer-maybe-quote-filename (filename)
>>       "Protect FILENAME from `substitute-in-file-name', as needed.
>>     Useful to give the user default values that won't be substituted."
>>       (let ((local (file-remote-p filename 'localname)))
>>         (if (and (not (string-prefix-p "/:" local))
>>                  (file-name-absolute-p filename)
>>                  (string-match-p "/~" local))
>>             (tramp-quote-name filename)
>>           (minibuffer--double-dollars filename))))
>
> Is the argument guaranteed to come from expand-file-name?  If not, it
> should also accept file names matching "\~" on MS platforms.

I think it does, but I'm not entirely sure.  Better safe than sorry?


[v5-0001-Quote-filenames-containing-in-prompts.patch (text/plain, attachment)]
This bug report was last modified 8 years and 160 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.