diff -uNr old/src/lib-sievestorage/sieve-storage-save.c new/src/lib-sievestorage/sieve-storage-save.c
--- old/src/lib-sievestorage/sieve-storage-save.c	2008-07-01 20:17:21.000000000 +0200
+++ new/src/lib-sievestorage/sieve-storage-save.c	2008-11-17 17:30:04.000000000 +0100
@@ -154,6 +154,13 @@
 	pool_t pool;
 	const char *path;
 
+	/* Disallow '/' characters in script name */
+	if ( strchr(scriptname, '/') != NULL ) {
+		sieve_storage_set_error(storage, "Invalid script name '%s'.", 
+			scriptname);
+		return NULL;
+	}
+
 	/* Prevent overwriting the active script link when it resides in the 
 	 * sieve storage directory.
 	 */
diff -uNr old/src/lib-sievestorage/sieve-storage-script.c new/src/lib-sievestorage/sieve-storage-script.c
--- old/src/lib-sievestorage/sieve-storage-script.c	2008-07-01 20:17:21.000000000 +0200
+++ new/src/lib-sievestorage/sieve-storage-script.c	2008-11-17 17:30:04.000000000 +0100
@@ -73,6 +73,13 @@
 	struct sieve_script *script;
 	const char *path;
 
+	/* Disallow '/' characters in script name */
+	if ( strchr(scriptname, '/') != NULL ) {
+		sieve_storage_set_error(storage, "Invalid script name '%s'.",
+			scriptname); 
+		return NULL;
+	}
+
 	T_BEGIN {
 		path = t_strconcat( storage->dir, "/", scriptname, ".sieve", NULL );