View | Details | Raw Unified | Return to bug 8591
Collapse All | Expand All

(-)mailman-2.1.6/Mailman/Handlers/Scrubber.py.cve-2005-3573 (-3 / +12 lines)
Lines 300-306 Link Here
300 
            finally:
 300 
            finally:
301 
                os.umask(omask)
 301 
                os.umask(omask)
302 
            desc = part.get('content-description', _('not available'))
 302 
            desc = part.get('content-description', _('not available'))
303 
            filename = part.get_filename(_('not available'))
 303 
            try:
304 
                filename = part.get_filename(_('not available'))
305 
            except UnicodeDecodeError:
306 
                filename = _('not available')
304 
            filename = Utils.oneline(filename, lcset)
 307 
            filename = Utils.oneline(filename, lcset)
305 
            del part['content-type']
 308 
            del part['content-type']
306 
            del part['content-transfer-encoding']
 309 
            del part['content-transfer-encoding']
Lines 409-415 Link Here
409 
    # i18n file name is encoded
 412 
    # i18n file name is encoded
410 
    lcset = Utils.GetCharSet(mlist.preferred_language)
 413 
    lcset = Utils.GetCharSet(mlist.preferred_language)
411 
    filename = Utils.oneline(msg.get_filename(''), lcset)
 414 
    filename = Utils.oneline(msg.get_filename(''), lcset)
412 
    fnext = os.path.splitext(filename)[1]
 415 
    try:
416 
        fnext = os.path.splitext(filename)[1]
417 
    except UnicodeDecodeError:
418 
        fnext = ''
413 
    # For safety, we should confirm this is valid ext for content-type
 419 
    # For safety, we should confirm this is valid ext for content-type
414 
    # but we can use fnext if we introduce fnext filtering
 420 
    # but we can use fnext if we introduce fnext filtering
415 
    if mm_cfg.SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION:
 421 
    if mm_cfg.SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION:
Lines 434-440 Link Here
434 
    try:
 440 
    try:
435 
        # Now base the filename on what's in the attachment, uniquifying it if
 441 
        # Now base the filename on what's in the attachment, uniquifying it if
436 
        # necessary.
 442 
        # necessary.
437 
        filename = msg.get_filename()
 443 
        try:
444 
            filename = msg.get_filename()
445 
        except UnicodeDecodeError:
446 
            filename = None
438 
        if not filename or mm_cfg.SCRUBBER_DONT_USE_ATTACHMENT_FILENAME:
 447 
        if not filename or mm_cfg.SCRUBBER_DONT_USE_ATTACHMENT_FILENAME:
439 
            filebase = 'attachment'
 448 
            filebase = 'attachment'
440 
        else:
 449 
        else:

Return to bug 8591