authorAleksander Machniak <alec@alec.pl>2013-05-14 09:41:30 +0200
committerAleksander Machniak <alec@alec.pl>2013-05-14 09:42:01 +0200
commit05b5f969d5c10850291ae413b89461ca1f6bcc5d (patch)
tree9e5e8d5011add498816c226efba786810685aa26
parentbde85428d69069637782d9507475df78890f08d0 (diff)
Fix problem where security warning was displayed for valid images with image/jpg type (#1489097)
-rw-r--r--CHANGELOG1
-rw-r--r--program/steps/mail/func.inc3
-rw-r--r--program/steps/mail/get.inc7
3 files changed, 4 insertions, 7 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 8c1c721f1..b14baa2a9 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix problem where security warning was displayed for valid images with image/jpg type (#1489097)
- Fix handling of invalid email addresses in headers (#1489092)
- Fix IMAP connection issue with default_socket_timeout < 0 and imap_timeout < 0 (#1489090)
- Fix various PHP code bugs found using static analysis (#1489086)
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 0dae6de57..59e0dbaa0 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1840,8 +1840,7 @@ function rcmail_fix_mimetype($name)
// application/pdf.A520491B_3BF7_494D_8855_7FAC2C6C0608
if (preg_match('/^application\/pdf.+/', $name))
$name = 'application/pdf';
-
- // treat image/pjpeg as image/jpeg
+ // treat image/pjpeg (image/pjpg, image/jpg) as image/jpeg (#1489097)
else if (preg_match('/^image\/p?jpe?g$/', $name))
$name = 'image/jpeg';
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index bcc6f11bc..372757720 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -95,9 +95,7 @@ else if ($_GET['_thumb']) {
else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
if ($part = $MESSAGE->mime_parts[$pid]) {
- $ctype_primary = strtolower($part->ctype_primary);
- $ctype_secondary = strtolower($part->ctype_secondary);
- $mimetype = sprintf('%s/%s', $ctype_primary, $ctype_secondary);
+ $mimetype = rcmail_fix_mimetype($part->mimetype);
// allow post-processing of the message body
$plugin = $RCMAIL->plugins->exec_hook('message_part_get',
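Review bot: Dropping the `$ctype_primary` / `$ctype_secondary` assignments leaves the `header("Content-Type: text/$ctype_secondary; ...")` line in the last hunk of this file reading a variable that no visible line sets any more. Unless it is assigned elsewhere in get.inc, text parts would go out with an empty subtype. Deriving both after the plugin overwrite would keep them in step with the final type, e.g. `list($ctype_primary, $ctype_secondary) = explode('/', $mimetype, 2);`, with a guard for a value that has no slash. The removed code also lowercased the type, and the patterns visible in rcmail_fix_mimetype() are case-sensitive, so `rcmail_fix_mimetype(strtolower($part->mimetype))` is safer if `$part->mimetype` is not guaranteed to be lowercase. Normalisation now runs before the `message_part_get` hook, so a plugin-supplied `mimetype` reaches the Content-Type header without it. The enclosing block and the `exec_hook` call continue past this hunk.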
@@ -107,7 +105,7 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
exit;
// overwrite modified vars from plugin
- $mimetype = $plugin['mimetype'];
+ $mimetype = $plugin['mimetype'];
$extensions = rcube_mime::get_mime_extensions($mimetype);
if ($plugin['body'])
@@ -217,7 +215,6 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ? $part->charset : RCMAIL_CHARSET));
}
else {
- $mimetype = rcmail_fix_mimetype($mimetype);
header("Content-Type: $mimetype");
header("Content-Transfer-Encoding: binary");
}