At 16:09 +0000 04/27/2009, Antoine Pitrou wrote: >Stephen J. Turnbull <stephen <at> xemacs.org> writes: >> >> I hate to break it to you, but most stages of mail processing have >> very little to do with SMTP. In particular, processing MIME >> attachments often requires dealing with file names. > >AFAIK, the file name is only there as an indication for the user when he wants >to save the file. If it's garbled a bit, no big deal. ...
Yep. In fact, it should be cleaned carefully. RFC 2183, 2.3: "It is important that the receiving MUA not blindly use the suggested filename. The suggested filename SHOULD be checked (and possibly changed) to see that it conforms to local filesystem conventions, does not overwrite an existing file, and does not present a security problem (see Security Considerations below). The receiving MUA SHOULD NOT respect any directory path information that may seem to be present in the filename parameter. The filename should be treated as a terminal component only. Portable specification of directory paths might possibly be done in the future via a separate Content Disposition parmeter, but no provision is made for it in this draft." -- ____________________________________________________________________ TonyN.:' <mailto:tonynel...@georgeanelson.com> ' <http://www.georgeanelson.com/> _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
