From 2b0c0cf199b11e0bb5d283bd1df997f1241656e5 Mon Sep 17 00:00:00 2001
From: Kevin Chan <aaacdx@gmail.com>
Date: Mon, 8 Aug 2022 23:20:52 +0800
Subject: [PATCH] mitigation for CVE-2015-20107 (#271)

Fixes: https://github.com/paul-nameless/tg/issues/270

Co-authored-by: Kevin Chan <a.aacdx@gmail.com>
---
 tg/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tg/utils.py b/tg/utils.py
index 2013395..e895bf8 100644
--- a/tg/utils.py
+++ b/tg/utils.py
@@ -85,7 +85,7 @@ def get_file_handler(file_path: str) -> str:
         return config.DEFAULT_OPEN.format(file_path=shlex.quote(file_path))
 
     caps = get_mailcap()
-    handler, view = mailcap.findmatch(caps, mtype, filename=file_path)
+    handler, view = mailcap.findmatch(caps, mtype, filename=shlex.quote(file_path))
     if not handler:
         return config.DEFAULT_OPEN.format(file_path=shlex.quote(file_path))
     return handler