emacs-orgmode@gnu.org archives
 help / color / mirror / code / Atom feed
From: Max Nikulin <manikulin@gmail.com>
To: emacs-orgmode@gnu.org
Subject: Re: [PATCH] Fix FAQ entry about mailto links.
Date: Fri, 7 Jan 2022 18:03:19 +0700	[thread overview]
Message-ID: <sr96lp$jf8$1@ciao.gmane.io> (raw)
In-Reply-To: <FEAD92A6-87DE-4CFF-8459-E3D012DD3F52@sift.net>

On 07/01/2022 01:34, Robert Goldman wrote:
> 
> The old entry referred to the variable =org-link-mailto-program= which
> was removed from org-mode almost eight years ago!  See org-mode commit
> b9f2e17f07faf01109fc6f7f1eb5a34e0f97eafb

Unfortunately FAQ has a lot of obsolete recipes. Generally it is great 
when answers are updated with contemporary info. I have a couple of 
questions concerning your patch though.

> diff --git a/org-faq.org b/org-faq.org
> 
>   The default function called is =browse-url=, which opens a mail
>   composition buffer within Emacs. The type of buffer opened by
> -browse-url depends on the setting of the variable =mail-user-agent=.
> +=browse-url= depends on the setting of the variable =mail-user-agent=.

[[info:emacs#Browse-URL][info "(emacs) Browse-URL"]] link to the Emacs 
manual might be used. I am unsure however if it is really necessary.

> +You can also change the function used to a different one.  For
> +example, the following function (on MacOS) opens =mailto:= links in
> +the =MailMate= program:
> +
> +#+begin_src elisp
> +("mailto" :follow
     ^
It seems, `org-link-set-parameters' is missed. I am not an experienced 
emacs user, so my question may be naive. There is 
`browse-url-mailto-function' since Emacs-24.1 that should be called by 
`browse-url'. Is there a reason to avoid its customization instead?

> +      (lambda
> +        (path)
> +        (shell-command
> +         (format "open -a MailMate 'mailto:%s'" path))))
> +#+end_src

Shell commands require a lot of care otherwise they become an open door 
to security vulnerabilities. I am a linux user and I have tried a dialog 
application instead of real mailer for a test:

---- >8 ----
#+begin_src elisp :results silent
(org-link-set-parameters
   "mailto" :follow
	(lambda
	  (path)
	  (shell-command
	   (format "zenity --info --no-markup --title 'org mailto: test' --text 
'mailto:%s'" path))))
#+end_src

[[mailto:Hacker '`mktemp mailto-vulnerability.XXXXXX`' <hack@te.st>]]
---- 8< -----

Following the link (C-c C-o) caused creation of a file in the current 
directory.

Arguments to shell should be at least passed through 
`shell-quote-argument'. A better way is to use more verbose function 
that accepts arguments as a list and directly executes the binary 
without interpreting anything by shell.

Another problem that the command above blocked emacs session. I do not 
know a reliable way to launch a detached process from emacs. When 
someone adds a code that should perform such task, it usually suffers 
from a decade-old bug 
https://lists.gnu.org/archive/html/emacs-devel/2009-07/msg00279.html 
Current code in `mailcup-view-mime' and in `org-open-file' suffers from 
at least three other problems: I do not know anything about first one 
besides that it is somehow related to compatibility, another one assumed 
to be rather rare, third one is that the process have to be killed on 
exiting from emacs.

So, I hope, `make-process' is better than `shell-command', but a 
specific application might make emacs CPU hungry.

A recipe having security issues, in my opinion, is worse than no example 
at all.



  reply	other threads:[~2022-01-07 11:08 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-06 18:34 Robert Goldman
2022-01-07 11:03 ` Max Nikulin [this message]
2022-02-07 16:59   ` Max Nikulin
2022-02-10 17:42     ` Robert Goldman
2022-02-14 13:22       ` [PATCH v3] " Max Nikulin
2022-02-16  1:29         ` Robert Goldman
2022-02-25 12:20           ` Max Nikulin
2022-03-12 14:35             ` Max Nikulin
2022-03-12 15:50 ` [PATCH] " Max Nikulin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.orgmode.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='sr96lp$jf8$1@ciao.gmane.io' \
    --to=manikulin@gmail.com \
    --cc=emacs-orgmode@gnu.org \
    --subject='Re: [PATCH] Fix FAQ entry about mailto links.' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Code repositories for project(s) associated with this inbox:

	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).