tobias/docker-offlineimap
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

/offlineimap/head: changeset 210

Browse Source 
Preventive security: folder names may not contain ./ or start with /.
This commit is contained in:
jgoerzen
2002-08-08 03:44:37 +01:00
parent f086c3ff0a
commit b56304090a
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
offlineimap/head/offlineimap/repository/Maildir.py
View File

@@ -46,12 +46,14 @@ class MaildirRepository(BaseRepository):
for invalid in ['new', 'cur', 'tmp', 'offlineimap.uidvalidity']:
for component in foldername.split('/'):
assert component != invalid, "When using nested folders (/ as a separator in the account config), your folder names may not contain 'new', 'cur', 'tmp', or 'offlineimap.uidvalidity'."
assert oldername.find('./') == -1, "Folder names may not contain ../"
assert not foldername.startswith('/'), "Folder names may not begin with /"
oldcwd = os.getcwd()
os.chdir(self.root)
os.makedirs(folderdir, 0700)
os.makedirs(foldername, 0700)
for subdir in ['cur', 'new', 'tmp']:
os.mkdir(os.path.join(folderdir, subdir), 0700)
os.mkdir(os.path.join(foldername, subdir), 0700)
# Invalidate the cache
self.folders = None
os.chdir(oldcwd)