author | Aleksander Machniak <alec@alec.pl> | 2013-05-14 09:41:30 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2013-05-14 09:42:01 +0200 |
commit | 05b5f969d5c10850291ae413b89461ca1f6bcc5d (patch) | |
tree | 9e5e8d5011add498816c226efba786810685aa26 | |
parent | bde85428d69069637782d9507475df78890f08d0 (diff) |
Fix problem where security warning was displayed for valid images with image/jpg type (#1489097)
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/steps/mail/func.inc | 3 | ||||
-rw-r--r-- | program/steps/mail/get.inc | 7 |
3 files changed, 4 insertions, 7 deletions
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
+- Fix problem where security warning was displayed for valid images with image/jpg type (#1489097)
 - Fix handling of invalid email addresses in headers (#1489092)
 - Fix IMAP connection issue with default_socket_timeout < 0 and imap_timeout < 0 (#1489090)
 - Fix various PHP code bugs found using static analysis (#1489086)
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 0dae6de57..59e0dbaa0 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1840,8 +1840,7 @@ function rcmail_fix_mimetype($name)
 // application/pdf.A520491B_3BF7_494D_8855_7FAC2C6C0608
 if (preg_match('/^application\/pdf.+/', $name))
 $name = 'application/pdf';
-
- // treat image/pjpeg as image/jpeg
+ // treat image/pjpeg (image/pjpg, image/jpg) as image/jpeg (#1489097)
 else if (preg_match('/^image\/p?jpe?g$/', $name))
 $name = 'image/jpeg';
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index bcc6f11bc..372757720 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -95,9 +95,7 @@ else if ($_GET['_thumb']) {
 else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
 if ($part = $MESSAGE->mime_parts[$pid]) {
- $ctype_primary = strtolower($part->ctype_primary);
- $ctype_secondary = strtolower($part->ctype_secondary);
- $mimetype = sprintf('%s/%s', $ctype_primary, $ctype_secondary);
+ $mimetype = rcmail_fix_mimetype($part->mimetype);
 // allow post-processing of the message body
 $plugin = $RCMAIL->plugins->exec_hook('message_part_get',
@@ -107,7 +105,7 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
 exit;
 // overwrite modified vars from plugin
- $mimetype = $plugin['mimetype'];
+ $mimetype = $plugin['mimetype'];
 $extensions = rcube_mime::get_mime_extensions($mimetype);
 if ($plugin['body'])
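Review bot: Removing the `$ctype_primary` / `$ctype_secondary` assignments in the `@@ -95,9 +95,7 @@` hunk of get.inc leaves `$ctype_secondary` with no visible definition, yet the context of the `@@ -217,7 +215,6 @@` hunk still builds `header("Content-Type: text/$ctype_secondary; charset=" ...)` from it. Unless it is assigned somewhere between the hunks, text parts would be served with an empty subtype. Deriving both from the final value after the plugin overwrite, e.g. `list($ctype_primary, $ctype_secondary) = explode('/', $mimetype);`, would keep them in step with `$mimetype`. The explicit `strtolower()` is also gone and the pattern in `rcmail_fix_mimetype()` is case-sensitive, so the new line relies on `$part->mimetype` already being lower-cased by the parser, which is not visible here; `rcmail_fix_mimetype(strtolower($part->mimetype))` would make that explicit. The enclosing `else if` block starts and ends outside the hunk.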
@@ -217,7 +215,6 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
 header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ? $part->charset : RCMAIL_CHARSET));
 }
 else {
- $mimetype = rcmail_fix_mimetype($mimetype);
 header("Content-Type: $mimetype");
 header("Content-Transfer-Encoding: binary");
 } |
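Review bot: With the `rcmail_fix_mimetype()` call dropped from this `else` branch, the value written to `Content-Type` is whatever the `message_part_get` hook returned in `$plugin['mimetype']`, because normalisation now runs only before the hook. If a plugin hands back `image/jpg` or `image/pjpeg`, both this header and the `rcube_mime::get_mime_extensions($mimetype)` lookup in the `@@ -107,7 +105,7 @@` hunk would see the non-canonical name again. Normalising at the overwrite, `$mimetype = rcmail_fix_mimetype($plugin['mimetype']);`, would cover the plugin path as well. The enclosing block starts outside the hunk.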