diff options
| author | Aleksander Machniak <alec@alec.pl> | 2013-04-26 14:25:17 +0200 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2013-04-26 14:25:52 +0200 |
| commit | ecc1b3bd5e8d366815b39a5455a267c9f4ad6a19 (patch) | |
| tree | 65836ed3ca8704fd7af4e098a403b87e1c1fd62d | |
| parent | b542f8800e0d093afedf51c4789d901b454e4144 (diff) | |
Fix possible collision in generated thumbnail cache key (#1489069)
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | program/steps/mail/get.inc | 5 |
2 files changed, 4 insertions, 2 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix possible collision in generated thumbnail cache key (#1489069) - Fix exit code on bootsrap errors in CLI mode (#1489044) - Fix error handling in CLI mode, use STDERR and non-empty exit code (#1489043) - Fix error when using check_referer=true diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index 8218aec73..bcc6f11bc 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -62,9 +62,10 @@ else if ($_GET['_thumb']) { $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240); $temp_dir = $RCMAIL->config->get('temp_dir'); list(,$ext) = explode('/', $part->mimetype); - $cache_basename = $temp_dir . '/' . md5($MESSAGE->headers->messageID . $part->mime_id . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size); - $cache_file = $cache_basename . '.' . $ext; $mimetype = $part->mimetype; + $file_ident = $MESSAGE->headers->messageID . ':' . $part->mime_id . ':' . $part->size . ':' . $part->mimetype; + $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size); + $cache_file = $cache_basename . '.' . $ext; // render thumbnail image if not done yet if (!is_file($cache_file)) { |