$NetBSD$

 2008-01-24 Kevin Krammer <kevin.krammer@gmx.at>
     * Fixing security issue in xdg-email and xdg-open at replacing
       parameter in $BROWSER
(and modifies to sync 1.1.0-rc1 to be safe with some shells)

--- scripts/xdg-email.orig	2007-06-25 04:58:04.000000000 +0900
+++ scripts/xdg-email	2011-04-05 23:24:46.000000000 +0900
@@ -435,7 +435,9 @@
     for browser in $BROWSER; do
         if [ x"$browser" != x"" ]; then
 
-            browser_with_arg=`echo "$browser" | sed s#%s#"$1"#`
+            browser_with_arg=`printf "$browser" "$1" 2>/dev/null`
+            if [ $? -ne 0 ]; then browser_with_arg=$browser;
+            fi
 
             if [ x"$browser_with_arg" = x"$browser" ]; then "$browser" "$1";
             else $browser_with_arg;
@@ -465,7 +467,7 @@
             c = substr ($0, i, 1)
             if ( ord [c] > 127 ) {
                 e = e "%" sprintf("%02X", ord [c])
-            } else if ( c ~ /[@a-zA-Z0-9.-]/ ) {
+            } else if ( c ~ /[@a-zA-Z0-9.-\\\/]/ ) {
                 e = e c
             } else {
                 e = e "%" sprintf("%02X", ord [c])