From 98c758ff7b9ab1a571d278c74f4b6c38295fc83d Mon Sep 17 00:00:00 2001 From: Konstantin Ryabitsev Date: Tue, 3 Aug 2021 10:58:02 -0400 Subject: Sanitize msgid before using it as savename Before using the msgid as part of the filename, clean it up to only contains sensible characters. Reported-by: Rob Herring Signed-off-by: Konstantin Ryabitsev --- b4/mbox.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/b4/mbox.py b/b4/mbox.py index 0de7a96..e11d2ae 100644 --- a/b4/mbox.py +++ b/b4/mbox.py @@ -623,7 +623,8 @@ def main(cmdargs): if cmdargs.wantname: savename = os.path.join(cmdargs.outdir, cmdargs.wantname) else: - savename = os.path.join(cmdargs.outdir, f'{msgid}.{dftext}') + safe_msgid = re.sub(r'[^\w@.+%-]+', '_', msgid).strip('_') + savename = os.path.join(cmdargs.outdir, f'{safe_msgid}.{dftext}') if save_maildir: if os.path.isdir(savename): -- cgit v1.2.3