Shell-escape file path passed to commands

tg/config.py

@@ -31,17 +31,17 @@ TDLIB_VERBOSITY = 0
 MAX_DOWNLOAD_SIZE = "10MB"
 
 # TODO: check platform
-NOTIFY_CMD = "/usr/local/bin/terminal-notifier -title '{title}' -subtitle '{subtitle}' -message '{msg}' -appIcon '{icon_path}'"
+NOTIFY_CMD = "/usr/local/bin/terminal-notifier -title {title} -subtitle {subtitle} -message {msg} -appIcon {icon_path}"
 
 HELP_CMD = "less"
 
 if _os_name == _linux:
     VOICE_RECORD_CMD = (
-        "ffmpeg -f alsa -i default -c:a libopus -b:a 32k '{file_path}'"
+        "ffmpeg -f alsa -i default -c:a libopus -b:a 32k {file_path}"
     )
 else:
     VOICE_RECORD_CMD = (
-        "ffmpeg -f avfoundation -i ':0' -c:a libopus -b:a 32k '{file_path}'"
+        "ffmpeg -f avfoundation -i ':0' -c:a libopus -b:a 32k {file_path}"
     )
 
 # TODO: use mailcap instead of editor
@@ -49,9 +49,9 @@ LONG_MSG_CMD = "vim + -c 'startinsert' {file_path}"
 EDITOR = os.environ.get("EDITOR", "vi")
 
 if _os_name == _linux:
-    DEFAULT_OPEN = "xdg-open '{file_path}'"
+    DEFAULT_OPEN = "xdg-open {file_path}"
 else:
-    DEFAULT_OPEN = "open '{file_path}'"
+    DEFAULT_OPEN = "open {file_path}"
 
 if _os_name == _linux:
     COPY_CMD = "xclip -selection c"

tg/controllers.py

@@ -1,6 +1,7 @@
 import curses
 import logging
 import os
+import shlex
 import threading
 from datetime import datetime
 from functools import partial, wraps
@@ -91,7 +92,7 @@ class Controller:
             return
         if len(urls) == 1:
             with suspend(self.view) as s:
-                s.call(config.DEFAULT_OPEN.format(file_path=url))
+                s.call(config.DEFAULT_OPEN.format(file_path=shlex.quote(url)))
             return
         with suspend(self.view) as s:
             s.run_with_input(config.URL_VIEW, "\n".join(urls))
@@ -224,7 +225,7 @@ class Controller:
         ) as s:
             f.write(insert_replied_msg(msg))
             f.seek(0)
-            s.call(config.LONG_MSG_CMD.format(file_path=f.name))
+            s.call(config.LONG_MSG_CMD.format(file_path=shlex.quote(f.name)))
             with open(f.name) as f:
                 if msg := strip_replied_msg(f.read().strip()):
                     self.tg.reply_message(chat_id, reply_to_msg, msg)
@@ -251,7 +252,7 @@ class Controller:
         with NamedTemporaryFile("r+", suffix=".txt") as f, suspend(
             self.view
         ) as s:
-            s.call(config.LONG_MSG_CMD.format(file_path=f.name))
+            s.call(config.LONG_MSG_CMD.format(file_path=shlex.quote(f.name)))
             with open(f.name) as f:
                 if msg := f.read().strip():
                     self.model.send_message(text=msg)
@@ -301,7 +302,11 @@ class Controller:
     def record_voice(self):
         file_path = f"/tmp/voice-{datetime.now()}.oga"
         with suspend(self.view) as s:
-            s.call(config.VOICE_RECORD_CMD.format(file_path=file_path))
+            s.call(
+                config.VOICE_RECORD_CMD.format(
+                    file_path=shlex.quote(file_path)
+                )
+            )
         resp = self.view.status.get_input(
             f"Do you want to send recording: {file_path}? [Y/n]"
         )

tg/utils.py

@@ -74,7 +74,7 @@ def get_file_handler(file_path, default=None):
     caps = mailcap.getcaps()
     handler, view = mailcap.findmatch(caps, mtype, filename=file_path)
     if not handler:
-        return config.DEFAULT_OPEN.format(file_path=file_path)
+        return config.DEFAULT_OPEN.format(file_path=shlex.quote(file_path))
     return handler
 
 
@@ -148,9 +148,11 @@ def notify(
     if not cmd:
         return
     notify_cmd = cmd.format(
-        icon_path=config.ICON_PATH, title=title, subtitle=subtitle, msg=msg
+        icon_path=shlex.quote(config.ICON_PATH),
+        title=shlex.quote(title),
+        subtitle=shlex.quote(subtitle),
+        msg=shlex.quote(msg),
     )
-    log.info("notify-cmd: %s", notify_cmd)
     os.system(notify_cmd)