From 116e94841e5de975c463eddf3df19e4ee9d4fdfc Mon Sep 17 00:00:00 2001
From: Anton Khirnov <anton@khirnov.net>
Date: Sat, 15 May 2021 19:41:07 +0200
Subject: mail/attachment: do not assume a non-trivial filename

---
 alot/mail/attachment.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/alot/mail/attachment.py b/alot/mail/attachment.py
index 114859fc..b8673fb9 100644
--- a/alot/mail/attachment.py
+++ b/alot/mail/attachment.py
@@ -39,11 +39,12 @@ class Attachment:
         self.content_type = ctype
         self.params       = params
 
-        # make sure the filename is a relative path
-        # that does not go upwards
-        filename = os.path.normpath(filename)
-        if filename.startswith('/') or filename.startswith('..'):
-            raise ValueError('Dangerous attachment filename: %s' % filename)
+        if self.filename:
+            # make sure the filename is a relative path
+            # that does not go upwards
+            filename = os.path.normpath(filename)
+            if filename.startswith('/') or filename.startswith('..'):
+                raise ValueError('Dangerous attachment filename: %s' % filename)
 
         self.filename = filename
 
-- 
cgit v1.2.3