From d0e8fa3bb2475187fbf9fcfe73c38ec83ad7e6b5 Mon Sep 17 00:00:00 2001 From: Konstantin Ryabitsev Date: Tue, 3 Aug 2021 10:58:02 -0400 Subject: Sanitize msgid before using it as savename Before using the msgid as part of the filename, clean it up to only contains sensible characters. Reported-by: Rob Herring Signed-off-by: Konstantin Ryabitsev --- b4/mbox.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/b4/mbox.py b/b4/mbox.py index f575f94..3d887e6 100644 --- a/b4/mbox.py +++ b/b4/mbox.py @@ -656,7 +656,8 @@ def main(cmdargs): if cmdargs.wantname: savename = os.path.join(cmdargs.outdir, cmdargs.wantname) else: - savename = os.path.join(cmdargs.outdir, f'{msgid}.{dftext}') + safe_msgid = re.sub(r'[^\w@.+%-]+', '_', msgid).strip('_') + savename = os.path.join(cmdargs.outdir, f'{safe_msgid}.{dftext}') if save_maildir: if os.path.isdir(savename): -- cgit v1.2.3