summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoralecpl <alec@alec.pl>2010-07-06 10:38:58 +0000
committeralecpl <alec@alec.pl>2010-07-06 10:38:58 +0000
commit9bb1fc7b0b7517412e16231685edf2ac264dbea0 (patch)
tree9c835b86c9f74ec73b889e07cc2a2c66a0e8be34
parent7534f6fc5941da555bbd959bbbbad9aefed8ac14 (diff)
- Make sure attachment name doesn't contain \r\n (#1486832)
-rw-r--r--program/steps/mail/get.inc13
1 files changed, 7 insertions, 6 deletions
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 9ebdf4367..67c62b284 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -55,7 +55,7 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) {
$ctype_primary = strtolower($part->ctype_primary);
$ctype_secondary = strtolower($part->ctype_secondary);
$mimetype = sprintf('%s/%s', $ctype_primary, $ctype_secondary);
-
+
$browser = new rcube_browser;
// send download headers
@@ -84,20 +84,21 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) {
else {
// don't kill the connection if download takes more than 30 sec.
@set_time_limit(0);
-
+
$filename = $part->filename ? $part->filename : ($MESSAGE->subject ? $MESSAGE->subject : 'roundcube') . '.'.$ctype_secondary;
-
+ $filename = preg_replace('[\r\n]', '', $filename);
+
if ($browser->ie && $browser->ver < 7)
$filename = rawurlencode(abbreviate_string($filename, 55));
else if ($browser->ie)
$filename = rawurlencode($filename);
else
$filename = addcslashes($filename, '"');
-
+
$disposition = !empty($_GET['_download']) ? 'attachment' : 'inline';
-
+
header("Content-Disposition: $disposition; filename=\"$filename\"");
-
+
// turn off output buffering and print part content
if ($part->body)
echo $part->body;