diff options
author | Anton Khirnov <anton@khirnov.net> | 2021-05-15 19:41:07 +0200 |
---|---|---|
committer | Anton Khirnov <anton@khirnov.net> | 2021-05-15 19:41:07 +0200 |
commit | 116e94841e5de975c463eddf3df19e4ee9d4fdfc (patch) | |
tree | 74ee2a4e606a624380fb1612207105bdc31203bf | |
parent | ed2f42f3504c766e9a39f8ed4f3ff97ffa0c3c75 (diff) |
mail/attachment: do not assume a non-trivial filename
-rw-r--r-- | alot/mail/attachment.py | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/alot/mail/attachment.py b/alot/mail/attachment.py index 114859fc..b8673fb9 100644 --- a/alot/mail/attachment.py +++ b/alot/mail/attachment.py @@ -39,11 +39,12 @@ class Attachment: self.content_type = ctype self.params = params - # make sure the filename is a relative path - # that does not go upwards - filename = os.path.normpath(filename) - if filename.startswith('/') or filename.startswith('..'): - raise ValueError('Dangerous attachment filename: %s' % filename) + if self.filename: + # make sure the filename is a relative path + # that does not go upwards + filename = os.path.normpath(filename) + if filename.startswith('/') or filename.startswith('..'): + raise ValueError('Dangerous attachment filename: %s' % filename) self.filename = filename |