X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=Debbugs%2FRecipients.pm;h=9421a6008e835c4ea235876f00a862faad472339;hb=b1475869e85882a164576942e68ea2e40074d145;hp=572f6e758a7a8778b31cdd6cc73e051098ff9634;hpb=a156d178178b3a994e27991ecb16718aefff5167;p=debbugs.git

diff --git a/Debbugs/Recipients.pm b/Debbugs/Recipients.pm
index 572f6e7..9421a60 100644
--- a/Debbugs/Recipients.pm
+++ b/Debbugs/Recipients.pm
@@ -291,8 +291,13 @@ sub determine_recipients {
 			 $level = 'cc';
 		    }
 	       }
-	       # strip out all non-word non-spaces
-	       $reason =~ s/[^\ \w]//g;
+	       # RFC 2822 comments cannot contain specials and
+	       # unquoted () or \; there's no reason for us to allow
+	       # insane things here, though, so we restrict this even
+	       # more to 20-7E ( -~)
+	       $reason =~ s/\\/\\\\/g;
+	       $reason =~ s/([\)\(])/\\$1/g;
+	       $reason =~ s/[^\x20-\x7E]//g;
 	       push @reasons, $reason . ' for {'.join(',',@bugs).'}';
 	  }
 	  if ($param{address_only}) {