mail/attachment: do not assume a non-trivial filename

author: Anton Khirnov <anton@khirnov.net> 2021-05-15 19:41:07 +0200
committer: Anton Khirnov <anton@khirnov.net> 2021-05-15 19:41:07 +0200
commit: 116e94841e5de975c463eddf3df19e4ee9d4fdfc (patch)
tree: 74ee2a4e606a624380fb1612207105bdc31203bf
parent: ed2f42f3504c766e9a39f8ed4f3ff97ffa0c3c75 (diff)
1 files changed, 6 insertions, 5 deletions
diff --git a/alot/mail/attachment.py b/alot/mail/attachment.py
index 114859fc..b8673fb9 100644
--- a/alot/mail/attachment.py
+++ b/alot/mail/attachment.py
@@ -39,11 +39,12 @@ class Attachment:
         self.content_type = ctype
         self.params       = params
 
-        # make sure the filename is a relative path
-        # that does not go upwards
-        filename = os.path.normpath(filename)
-        if filename.startswith('/') or filename.startswith('..'):
-            raise ValueError('Dangerous attachment filename: %s' % filename)
+        if self.filename:
+            # make sure the filename is a relative path
+            # that does not go upwards
+            filename = os.path.normpath(filename)
+            if filename.startswith('/') or filename.startswith('..'):
+                raise ValueError('Dangerous attachment filename: %s' % filename)
 
         self.filename = filename
author	Anton Khirnov <anton@khirnov.net>	2021-05-15 19:41:07 +0200
committer	Anton Khirnov <anton@khirnov.net>	2021-05-15 19:41:07 +0200
commit	116e94841e5de975c463eddf3df19e4ee9d4fdfc (patch)
tree	74ee2a4e606a624380fb1612207105bdc31203bf
parent	ed2f42f3504c766e9a39f8ed4f3ff97ffa0c3c75 (diff)