New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
special characters in filename are not escaped for error messages #503
Comments
There's also a minor issue when the file is viewable:
With just
in reverse video, which is OK. But with
where only |
Cross reference to a downstream report: https://bugs.debian.org/1069681 |
Probably fixed in e98b228. |
Ok, as far as I can tell, this is fixed. |
Just for clarity with the above reference: 2a642a0 should be the isolated fix itself. |
Do you plan to publish a new version soon? We're seeing the current version flagged with https://nvd.nist.gov/vuln/detail/CVE-2024-32487 |
Yes, less-654 is in beta testing now. If no serious problems turn up, I expect to release it within a couple of weeks. |
With the current
less
from Git and previous versions, special characters in filename are not escaped for error messages. This can do bad things in the terminal.For instance, with a shell that accepts the
$'...'
syntax (otherwise Ctrl-V should be used to enter the escape character):and the terminal is put in reverse video. One can also use
test$'\033'\[\?40h$'\033'\[\?3h
in a 80-column xterm, which has the effect to resize the terminal to 132 columns.The text was updated successfully, but these errors were encountered: