summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoralecpl <alec@alec.pl>2011-02-09 12:33:07 +0000
committeralecpl <alec@alec.pl>2011-02-09 12:33:07 +0000
commitb389252f2b5db908374cd1f839a9d89edec0894d (patch)
tree147bb2090cd15b34fce979a7851c617a1fc5b396
parent075ee62a7723c76df3eb7e6e2d5884a266f951b8 (diff)
- Fix handling of attachments with invalid content type (#1487767)
-rw-r--r--CHANGELOG1
-rw-r--r--program/include/rcube_message.php13
2 files changed, 13 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 881779653..90faf4a9c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix handling of attachments with invalid content type (#1487767)
- Add workaround for DBMail's bug http://www.dbmail.org/mantis/view.php?id=881 (#1487766)
- Use IMAP's ID extension (RFC2971) to print more info into debug log
- Security: add optional referer check to prevent CSRF in GET requests
diff --git a/program/include/rcube_message.php b/program/include/rcube_message.php
index 3a96a0b7b..a8c51cc4e 100644
--- a/program/include/rcube_message.php
+++ b/program/include/rcube_message.php
@@ -478,10 +478,21 @@ class rcube_message
if (!empty($mail_part->filename))
$this->attachments[] = $mail_part;
}
- // is a regular attachment (content-type name regexp according to RFC4288.4.2)
+ // regular attachment with valid content type
+ // (content-type name regexp according to RFC4288.4.2)
else if (preg_match('/^[a-z0-9!#$&.+^_-]+\/[a-z0-9!#$&.+^_-]+$/i', $part_mimetype)) {
if (!$mail_part->filename)
$mail_part->filename = 'Part '.$mail_part->mime_id;
+
+ $this->attachments[] = $mail_part;
+ }
+ // attachment with invalid content type
+ // replace malformed content type with application/octet-stream (#1487767)
+ else if ($mail_part->filename) {
+ $mail_part->ctype_primary = 'application';
+ $mail_part->ctype_secondary = 'octet-stream';
+ $mail_part->mimetype = 'application/octet-stream';
+
$this->attachments[] = $mail_part;
}
}