diff options
author | Thomas Bruederli <thomas@roundcube.net> | 2013-04-10 23:38:50 +0200 |
---|---|---|
committer | Thomas Bruederli <thomas@roundcube.net> | 2013-04-10 23:39:49 +0200 |
commit | 2741d8ecedb156773328750be0d09ecc89afa4bd (patch) | |
tree | e5b9e6cd37c876f2bb0d1e58921d5433a38979f3 | |
parent | 706d3f472f1607004ae35a155a80c63239509323 (diff) |
Set minimal permissions to temp files (#148899)
-rw-r--r-- | plugins/filesystem_attachments/filesystem_attachments.php | 1 | ||||
-rw-r--r-- | program/lib/Roundcube/rcube_image.php | 4 |
2 files changed, 5 insertions, 0 deletions
diff --git a/plugins/filesystem_attachments/filesystem_attachments.php b/plugins/filesystem_attachments/filesystem_attachments.php index fa147795f..063f6d5e4 100644 --- a/plugins/filesystem_attachments/filesystem_attachments.php +++ b/plugins/filesystem_attachments/filesystem_attachments.php @@ -60,6 +60,7 @@ class filesystem_attachments extends rcube_plugin $args['id'] = $this->file_id(); $args['path'] = $tmpfname; $args['status'] = true; + @chmod($tmpfname, 0600); // set correct permissions (#148899) // Note the file for later cleanup $_SESSION['plugins']['filesystem_attachments'][$group][] = $tmpfname; diff --git a/program/lib/Roundcube/rcube_image.php b/program/lib/Roundcube/rcube_image.php index a55ba1600..735a0df01 100644 --- a/program/lib/Roundcube/rcube_image.php +++ b/program/lib/Roundcube/rcube_image.php @@ -124,6 +124,7 @@ class rcube_image } if ($result === '') { + @chmod($filename, 0600); return $type; } } @@ -183,6 +184,7 @@ class rcube_image } if ($result) { + @chmod($filename, 0600); return $type; } } @@ -223,6 +225,7 @@ class rcube_image $result = rcube::exec($convert . ' 2>&1 -colorspace RGB -quality 75 {in} {type}:{out}', $p); if ($result === '') { + @chmod($filename, 0600); return true; } } @@ -256,6 +259,7 @@ class rcube_image } if ($result) { + @chmod($filename, 0600); return true; } } |