[PATCH] Allow to download public bundle as mbox

simo idra at samba.org
Wed Nov 7 02:34:21 EST 2012


On Tue, 2012-11-06 at 23:19 +0800, Jeremy Kerr wrote:
> Hi Simo,
> 
> >> In other words, does anyone rely on the bundle name to contain the ID?
> >
> > Note that I didn't really change it, for normal mboxes the name is
> > str(bundle.id) :-)
> 
> Yep, but if we unify them, it'll be more consistent. Using the name 
> seems to be the way to go.
> 
> (however, we should also clean the filename, so that we don't get 
> user-provided data ending up in a HTTP header field)

I checked earlier that the bundle name is properly sanitized when input.
If we were to use the patch name coming from the email parser, then yeah
we need to be more careful.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>



More information about the Patchwork mailing list