[695] in Zephyr_Bugs
Minor prob. w/ default .zwgc.desc
daemon@ATHENA.MIT.EDU (John Hawkinson)
Wed Aug 30 18:49:45 1995
Date: Wed, 30 Aug 1995 18:49:33 -0400
To: bug-zephyr@MIT.EDU
Cc: joanna@MIT.EDU
From: John Hawkinson <jhawk@MIT.EDU>
It came out of a joanna-induced discussion on -i help
that the default .zwgc.desc fails to protect the
sender's name from being maligned by such things as
@color[RED] in the signature from bleeding into
the sender name and angle brackets. This might seem
like a small thing, but not fixing it results in some people
using it as example resulting in more problematic situations
(particularly when using protect() not within the confines of
an @bold() or something).
How corruptible is $sender, anyway? Do we need a @() around it
within the <>'s, or do we assume that it will never have zephyr
stuff in it (in which case why do we use protect()). Actually,
isn't $sender a perfect candidate for verbatim()?
--jhawk
*** zwgc.desc Wed Aug 30 18:32:50 1995
--- zwgc.desc.fixed Wed Aug 30 18:34:17 1995
***************
*** 110,116 ****
if ($signature == "") then
set ftext = "From: @bold("+protect($sender)+")"
else
! set ftext = "From: @bold("+protect($signature)+" <"+
protect($sender)+">)"
endif
--- 110,116 ----
if ($signature == "") then
set ftext = "From: @bold("+protect($sender)+")"
else
! set ftext = "From: @bold(@("+protect($signature)+") <"+
protect($sender)+">)"
endif
