summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Bruederli <thomas@roundcube.net>2013-04-10 23:38:50 +0200
committerThomas Bruederli <thomas@roundcube.net>2013-04-10 23:39:49 +0200
commit2741d8ecedb156773328750be0d09ecc89afa4bd (patch)
treee5b9e6cd37c876f2bb0d1e58921d5433a38979f3
parent706d3f472f1607004ae35a155a80c63239509323 (diff)
Set minimal permissions to temp files (#148899)
-rw-r--r--plugins/filesystem_attachments/filesystem_attachments.php1
-rw-r--r--program/lib/Roundcube/rcube_image.php4
2 files changed, 5 insertions, 0 deletions
diff --git a/plugins/filesystem_attachments/filesystem_attachments.php b/plugins/filesystem_attachments/filesystem_attachments.php
index fa147795f..063f6d5e4 100644
--- a/plugins/filesystem_attachments/filesystem_attachments.php
+++ b/plugins/filesystem_attachments/filesystem_attachments.php
@@ -60,6 +60,7 @@ class filesystem_attachments extends rcube_plugin
$args['id'] = $this->file_id();
$args['path'] = $tmpfname;
$args['status'] = true;
+ @chmod($tmpfname, 0600); // set correct permissions (#148899)
// Note the file for later cleanup
$_SESSION['plugins']['filesystem_attachments'][$group][] = $tmpfname;
diff --git a/program/lib/Roundcube/rcube_image.php b/program/lib/Roundcube/rcube_image.php
index a55ba1600..735a0df01 100644
--- a/program/lib/Roundcube/rcube_image.php
+++ b/program/lib/Roundcube/rcube_image.php
@@ -124,6 +124,7 @@ class rcube_image
}
if ($result === '') {
+ @chmod($filename, 0600);
return $type;
}
}
@@ -183,6 +184,7 @@ class rcube_image
}
if ($result) {
+ @chmod($filename, 0600);
return $type;
}
}
@@ -223,6 +225,7 @@ class rcube_image
$result = rcube::exec($convert . ' 2>&1 -colorspace RGB -quality 75 {in} {type}:{out}', $p);
if ($result === '') {
+ @chmod($filename, 0600);
return true;
}
}
@@ -256,6 +259,7 @@ class rcube_image
}
if ($result) {
+ @chmod($filename, 0600);
return true;
}
}