]> git.phdru.name Git - mimedecode.git/blobdiff - mimedecode.py
projects / mimedecode.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Check filenames for --save-* for forbidden characters
[mimedecode.git] / mimedecode.py
diff --git a/mimedecode.py b/mimedecode.py
index c1731d6336c5ab8eff9e5928a61a9cce1181ddc2..da63350485e7981713b88257bbccc12bb711efd2 100755 (executable)
--- a/mimedecode.py
+++ b/mimedecode.py
@@ -270,6 +270,12 @@ def _save_message(msg, outstring, save_headers=False, save_body=False):
     ):
         fname = msg.get_param(param, header=header)
         if fname:
+            try:
+                    for forbidden in chr(0), '/', '\\':
+                        if forbidden in fname:
+                            raise ValueError
+            except ValueError:
+                continue
             fname = '-' + fname
             break
     else:
A program to decode MIME messages.