diff -uNr --exclude=.hg dovecot-1.0.old/src/lib-sievestorage/sieve-save.c dovecot-1.0/src/lib-sievestorage/sieve-save.c
--- dovecot-1.0.old/src/lib-sievestorage/sieve-save.c	2008-11-17 16:45:54.000000000 +0100
+++ dovecot-1.0/src/lib-sievestorage/sieve-save.c	2008-11-17 16:44:17.000000000 +0100
@@ -154,6 +154,13 @@
 	struct ostream *output;
 	const char *path;
 
+	/* Disallow '/' characters in script name */
+	if ( strchr(scriptname, '/') != NULL ) {
+		sieve_storage_set_error(storage, "Invalid script name '%s'.",
+			scriptname);
+		return NULL;
+	}
+
 	/* Prevent overwriting the active script link when it resides in the 
 	 * sieve storage directory.
 	 */
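Review bot: The new guard rejects only '/', so an empty script name and names containing control characters (CR/LF in particular) still pass, both here and in the identical check added to sieve-script.c. Whether a bare `.` or `..` matters depends on how the path is built below the hunk, which is not visible here, so the guard should not rely on it. At minimum, reject the empty name in the same test: `if ( *scriptname == '\0' || strchr(scriptname, '/') != NULL ) {`. The rejected name is also copied verbatim into the error text via `%s`; if that text is relayed to the client or a log (not visible here), dropping the name from the message avoids echoing attacker-chosen bytes. The enclosing function starts and ends outside the hunk.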
diff -uNr --exclude=.hg dovecot-1.0.old/src/lib-sievestorage/sieve-script.c dovecot-1.0/src/lib-sievestorage/sieve-script.c
--- dovecot-1.0.old/src/lib-sievestorage/sieve-script.c	2008-11-17 16:45:54.000000000 +0100
+++ dovecot-1.0/src/lib-sievestorage/sieve-script.c	2008-11-17 16:44:17.000000000 +0100
@@ -93,6 +93,13 @@
 	struct sieve_script *script;
 	const char *filename;
 
+	/* Disallow '/' characters in script name */
+	if ( strchr(scriptname, '/') != NULL ) {	
+		sieve_storage_set_error(storage, "Invalid script name '%s'.",
+			scriptname);
+		return NULL;
+	}
+
 	t_push();
 
 	filename = t_strconcat
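Review bot: This check is a copy of the one added in sieve-save.c, with a stray trailing tab after the `{` on the `if` line, so the two can drift apart. A single static helper that both call sites use would keep the naming rule in one place, and would let any other functions that accept a script name (none are visible in this diff) reuse it. The comment should state the reason rather than repeat the code, for example `/* The script name is used to build a file name inside the storage directory; '/' must not appear in it */`. Placing the early return before `t_push()` is correct, because nothing is left pushed on the data stack. The function body continues past the end of the hunk.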

