diff -uNr old/src/lib-sievestorage/sieve-storage-save.c new/src/lib-sievestorage/sieve-storage-save.c
--- old/src/lib-sievestorage/sieve-storage-save.c	2008-10-23 21:54:44.000000000 +0200
+++ new/src/lib-sievestorage/sieve-storage-save.c	2008-11-17 17:18:05.000000000 +0100
@@ -154,6 +154,13 @@
 	pool_t pool;
 	const char *path;
 
+	/* Disallow '/' characters in script name */
+	if ( strchr(scriptname, '/') != NULL ) {
+		sieve_storage_set_error(storage, 
+			"Invalid script name '%s'.", scriptname);
+		return NULL;
+	}
+
 	/* Prevent overwriting the active script link when it resides in the 
 	 * sieve storage directory.
 	 */
diff -uNr old/src/lib-sievestorage/sieve-storage-script.c new/src/lib-sievestorage/sieve-storage-script.c
--- old/src/lib-sievestorage/sieve-storage-script.c	2008-10-23 21:54:44.000000000 +0200
+++ new/src/lib-sievestorage/sieve-storage-script.c	2008-11-17 17:18:19.000000000 +0100
@@ -72,6 +72,13 @@
 	struct sieve_script *script;
 	const char *path;
 
+	/* Disallow '/' characters in script name */	
+	if ( strchr(scriptname, '/') != NULL ) {
+		sieve_storage_set_error(storage, 
+			"Invalid script name '%s'.", scriptname);
+		return NULL;
+	}
+
 	T_BEGIN {
 		path = t_strconcat( storage->dir, "/", scriptname, ".sieve", NULL );
 
@@ -527,6 +534,13 @@
 	const char *newpath, *newfile, *link_path;
 	int ret = 0;
 
+	/* Disallow '/' characters in script name */
+	if ( strchr(newname, '/') != NULL ) {
+		sieve_storage_set_error(storage, 
+			"Invalid new script name '%s'.", newname);
+		return -1;
+	}
+
 	T_BEGIN {
 		newfile = t_strconcat( newname, ".sieve", NULL );
 		newpath = t_strconcat( storage->dir, "/", newfile, NULL );