From: Don Armstrong
Date: Fri, 11 Aug 2017 20:42:53 +0000 (-0700)
Subject: ignore supplied filenames in MIME to avoid taint issues
X-Git-Tag: release/2.6.0~67
X-Git-Url: https://git.donarmstrong.com/?p=debbugs.git;a=commitdiff_plain;h=539af97afc41be51d7f9d70a7d1e94c0ed0516cc
ignore supplied filenames in MIME to avoid taint issues
---
diff --git a/Debbugs/CGI/Bugreport.pm b/Debbugs/CGI/Bugreport.pm
index 7883cd5..95201d2 100644
--- a/Debbugs/CGI/Bugreport.pm
+++ b/Debbugs/CGI/Bugreport.pm
@@ -476,6 +476,7 @@ sub handle_record{
 # this will be cleaned up once it goes out of scope
 my $tempdir = File::Temp->newdir();
 $parser->output_under($tempdir->dirname());
+ $parser->filer->ignore_filename(1);
 my $entity;
 if ($record->{inner_file}) {
 $entity = $parser->parse($record->{fh});
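Review bot: The added `$parser->filer->ignore_filename(1);` has a security-relevant reason that is stated only in the commit subject, so a comment at the call would help: `# part filenames come from the message and are untrusted/tainted; always generate our own on-disk names`. The call is also order-dependent: it configures the filer that `output_under` sets up on the previous line, and as far as I know MIME::Parser, a later `output_under` or `output_dir` call would install a fresh filer without the setting, which is worth saying in the same comment. Any code that derives an attachment's display or download name from the body's on-disk path would now see a generated name; nothing in the hunk shows whether that happens, so confirm that names are taken from the MIME headers. handle_record starts and ends outside the hunk, and other MIME::Parser instances in the tree that parse mail to disk, if there are any, may want the same setting.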