diff options
author | Mark Sapiro <mark@msapiro.net> | 2020-06-21 11:45:30 -0700 |
---|---|---|
committer | Mark Sapiro <mark@msapiro.net> | 2020-06-21 11:45:30 -0700 |
commit | 53a0828d3ee7eb1ea2726c12495e22e0640dade3 (patch) | |
tree | 35d4d1bddfde3130f229b5f0178d0c0c0ba51642 | |
parent | 6fac67d23d53d2bb46b300e53a33da1c8f09cb86 (diff) | |
download | mailman2-53a0828d3ee7eb1ea2726c12495e22e0640dade3.tar.gz mailman2-53a0828d3ee7eb1ea2726c12495e22e0640dade3.tar.xz mailman2-53a0828d3ee7eb1ea2726c12495e22e0640dade3.zip |
Truncate very long names for scrubbed attachments.
-rw-r--r-- | Mailman/Handlers/Scrubber.py | 3 | ||||
-rw-r--r-- | NEWS | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/Mailman/Handlers/Scrubber.py b/Mailman/Handlers/Scrubber.py index 97e443b7..cecd11fb 100644 --- a/Mailman/Handlers/Scrubber.py +++ b/Mailman/Handlers/Scrubber.py @@ -471,7 +471,8 @@ def save_attachment(mlist, msg, dir, filter_html=True): # guessed so attachments can't lie about their type. Also, if the # filename /has/ no extension, then tack on the one we guessed. # The extension was removed from the name above. - filebase = filename + # Allow for extra and ext and keep it under 255 bytes. + filebase = filename[:240] # Now we're looking for a unique name for this file on the file # system. If msgdir/filebase.ext isn't unique, we'll add a counter # after filebase, e.g. msgdir/filebase-cnt.ext @@ -24,6 +24,9 @@ Here is a history of user visible changes to Mailman. mailbombing of a member of a list with private rosters by repeated subscribe attempts. (LP: #1883017) + - Very long filenames for scrubbed attachments are now truncated. + (LP: #1884456) + 2.1.33 (07-May-2020) Security |