You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
I weren't completely sure if this issue has low priority because I don't know if there are valid use cases for such filenames or if this problem is a symptom of a higher priority problem.
It is a slight problem in that it can be used to inject remote commands from a filename, but even so they are pretty much harmless.
Btw: Another low priority issue is the possibility to add quotes in the filename to change some messages: […]
This should be another issue, but actually I don't think it is an issue, and what can we do? There will always be a way of naming a file that results in a confusing message if that message contains the filename. We could perform some escaping, but thus we wouldn't show the actual filename. Maybe we could somehow make that italics or so so that it stands out better… not sure it's worth it if it's not super easy.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.