[geary] Replace slashes and NULs with _ in attached filenames

[Charles Lindsay <clindsay src gnome org>]

commit 9b486f9598f970a80f2c726bac49e85dd9b25176
Author: Charles Lindsay <chaz yorba org>
Date:   Thu Mar 6 14:47:42 2014 -0800

    Replace slashes and NULs with _ in attached filenames
    
    This ensures we can't, say, overwrite someone's .bashrc file by sending
    them an email.  It also fixes errors where Geary couldn't handle
    attachment filenames that contained slashes.
    
    Closes: bgo #714549

 src/engine/imap-db/imap-db-folder.vala |    2 +-
 src/engine/rfc822/rfc822-message.vala  |    2 +-
 src/engine/rfc822/rfc822-utils.vala    |    9 ++++++++-
 src/engine/rfc822/rfc822.vala          |    8 ++++++++
 4 files changed, 18 insertions(+), 3 deletions(-)
---
diff --git a/src/engine/imap-db/imap-db-folder.vala b/src/engine/imap-db/imap-db-folder.vala
index df244f3..bc9370c 100644
--- a/src/engine/imap-db/imap-db-folder.vala
+++ b/src/engine/imap-db/imap-db-folder.vala
@@ -1898,7 +1898,7 @@ private class Geary.ImapDB.Folder : BaseObject, Geary.ReferenceSemantics {
         foreach (GMime.Part attachment in attachments) {
             string mime_type = attachment.get_content_type().to_string();
             string disposition = attachment.get_disposition();
-            string filename = RFC822.Utils.get_attachment_filename(attachment);
+            string filename = RFC822.Utils.get_clean_attachment_filename(attachment);
             
             // Convert the attachment content into a usable ByteArray.
             GMime.DataWrapper attachment_data = attachment.get_content_object();
diff --git a/src/engine/rfc822/rfc822-message.vala b/src/engine/rfc822/rfc822-message.vala
index 3cfc1e6..aa32c6b 100644
--- a/src/engine/rfc822/rfc822-message.vala
+++ b/src/engine/rfc822/rfc822-message.vala
@@ -512,7 +512,7 @@ public class Geary.RFC822.Message : BaseObject {
             return false;
         
         // Hand off to the replacer for processing
-        string? replaced_part = replacer(RFC822.Utils.get_attachment_filename(part), content_type,
+        string? replaced_part = replacer(RFC822.Utils.get_clean_attachment_filename(part), content_type,
             disposition, mime_part_to_memory_buffer(part));
         if (replaced_part != null)
             body = replaced_part;
diff --git a/src/engine/rfc822/rfc822-utils.vala b/src/engine/rfc822/rfc822-utils.vala
index 747cc4f..7d94d83 100644
--- a/src/engine/rfc822/rfc822-utils.vala
+++ b/src/engine/rfc822/rfc822-utils.vala
@@ -320,12 +320,19 @@ public GMime.ContentEncoding get_best_content_encoding(GMime.Stream stream,
     return encoding;
 }
 
-public string get_attachment_filename(GMime.Part part) {
+public string get_clean_attachment_filename(GMime.Part part) {
     string? filename = part.get_filename();
     if (String.is_empty(filename)) {
         /// Placeholder filename for attachments with no filename.
         filename = _("none");
     }
+    
+    try {
+        filename = invalid_filename_character_re.replace_literal(filename, filename.length, 0, "_");
+    } catch (RegexError e) {
+        debug("Error sanitizing attachment filename: %s", e.message);
+    }
+    
     return filename;
 }
 
diff --git a/src/engine/rfc822/rfc822.vala b/src/engine/rfc822/rfc822.vala
index 2a5d93d..ec8791e 100644
--- a/src/engine/rfc822/rfc822.vala
+++ b/src/engine/rfc822/rfc822.vala
@@ -8,11 +8,19 @@ namespace Geary.RFC822 {
 
 private int init_count = 0;
 
+internal Regex? invalid_filename_character_re = null;
+
 internal void init() {
     if (init_count++ != 0)
         return;
     
     GMime.init(GMime.ENABLE_RFC2047_WORKAROUNDS);
+    
+    try {
+        invalid_filename_character_re = new Regex("[/\\0]");
+    } catch (RegexError e) {
+        assert_not_reached();
+    }
 }
 
 }