/offlineimap/head: changeset 210
Preventive security: folder names may not contain ./ or start with /.
This commit is contained in:
parent
f086c3ff0a
commit
b56304090a
@ -13,6 +13,7 @@ offlineimap (3.2.2) unstable; urgency=low
|
||||
* Added support for /-separated Maildirs -- that is, hierarchical
|
||||
Maildir trees. Fixes [complete.org #28] and, for Debian,
|
||||
Closes: #155460.
|
||||
* Preventitive security: Folder names may not contain ./ or start with /.
|
||||
|
||||
-- John Goerzen <jgoerzen@complete.org> Thu, 25 Jul 2002 08:22:25 -0500
|
||||
|
||||
|
@ -47,11 +47,13 @@ class MaildirRepository(BaseRepository):
|
||||
for component in foldername.split('/'):
|
||||
assert component != invalid, "When using nested folders (/ as a separator in the account config), your folder names may not contain 'new', 'cur', 'tmp', or 'offlineimap.uidvalidity'."
|
||||
|
||||
assert oldername.find('./') == -1, "Folder names may not contain ../"
|
||||
assert not foldername.startswith('/'), "Folder names may not begin with /"
|
||||
oldcwd = os.getcwd()
|
||||
os.chdir(self.root)
|
||||
os.makedirs(folderdir, 0700)
|
||||
os.makedirs(foldername, 0700)
|
||||
for subdir in ['cur', 'new', 'tmp']:
|
||||
os.mkdir(os.path.join(folderdir, subdir), 0700)
|
||||
os.mkdir(os.path.join(foldername, subdir), 0700)
|
||||
# Invalidate the cache
|
||||
self.folders = None
|
||||
os.chdir(oldcwd)
|
||||
|
Loading…
Reference in New Issue
Block a user