Bugfixes

* maidag/deliver.c: Run filter scripts with user privileges.
* maidag/script.c (apply_script): Use stat, not access, to check
for the existence of the script file. Access takes into account
accessibility of intermediate directories, which is irrelevant
in this case.
* mailbox/mutil.c (mu_expand_path_pattern): Bugfix.  Remove the
% format specifiers after expanding them.

@@ -307,7 +307,12 @@ deliver_url (mu_url_t url, mu_message_t msg, const char *name, char **errp)
       if (current_uid)
 	auth->change_uid = 0;
 
-      if (script_apply (msg, auth))
+      if (switch_user_id (auth, 1))
+	return EX_TEMPFAIL;
+      status = script_apply (msg, auth);
+      if (switch_user_id (auth, 0))
+	return EX_TEMPFAIL;
+      if (status)
 	{
 	  exit_code = EX_OK;
 	  mu_auth_data_free (auth);

@@ -120,12 +120,18 @@ apply_script (void *item, void *data)
   struct apply_script_closure *clos = data;
   char *progfile;
   int rc;
+  struct stat st;
   
   progfile = mu_expand_path_pattern (scr->pat, clos->auth->name);
-  if (access (progfile, R_OK))
+  if (stat (progfile, &st))
     {
       if (debug_level > 2)
-	mu_diag_output (MU_DIAG_DEBUG, _("Access to %s failed: %m"), progfile);
+	mu_diag_output (MU_DIAG_DEBUG, _("cannot stat %s: %s"),
+			progfile, mu_strerror (errno));
+      else if (errno != ENOENT)
+	mu_diag_output (MU_DIAG_NOTICE, _("cannot stat %s: %s"),
+			progfile, mu_strerror (errno));
+      
       free (progfile);
       return 0;
     }

@@ -883,7 +883,8 @@ mu_expand_path_pattern (const char *pattern, const char *username)
 	  q += strlen (auth->dir);
 	  p++;
 	}
-      else if (*p)
+      else if (*p == '%')
+	{
 	  switch (*++p)
 	    {
 	    case 'u':
@@ -904,6 +905,8 @@ mu_expand_path_pattern (const char *pattern, const char *username)
 	      *q++ = '%';
 	      *q++ = *p;
 	    }
+	  p++;
+	}
     }
 
   *q = 0;