author | thomascube <thomas@roundcube.net> | 2006-12-22 21:45:21 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2006-12-22 21:45:21 +0000 |
commit | ee883ad73d64639eb994a71e15b1a37c07ff3cb9 (patch) | |
tree | 2dd00a5976d0cb31a006f6489b9b9d3d0438abb3 /program/steps/mail/sendmail.inc | |
parent | 8af7757525b312b001bede8b044b83e993860878 (diff) |
Applied security patches by Kees Cook (Ubuntu) + little visual enhancements
Diffstat (limited to 'program/steps/mail/sendmail.inc')
-rw-r--r-- | program/steps/mail/sendmail.inc | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index 716072a48..2d2cb33db 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -100,6 +100,8 @@ function rcmail_attach_emoticons(&$mime_message)
 $image_name = substr($body, $pos + strlen($searchstr), $pos2 - ($pos + strlen($searchstr)));
+ // sanitize image name so resulting attachment doesn't leave images dir
+ $image_name = preg_replace('/[^a-zA-Z0-9_\.\-]/i','',$image_name);
 $body_post = substr($body, $pos2); |
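Review bot: The allowlist on the added `preg_replace` line strips disallowed characters instead of rejecting the name, and it still lets an empty string or a dot-only name such as `..` through. Because `/` and `\` are removed the result cannot point outside the images directory, but a rewritten name no longer refers to the emoticon the message asked for, and the code that builds the attachment path from `$image_name` (outside this hunk, so inferred) would then work with a bogus or directory path. I would validate instead and skip the attachment when `preg_match('/^[a-zA-Z0-9_-][a-zA-Z0-9_.-]*$/', $image_name)` fails, which also rules out empty and leading-dot names. Minor: the `/i` flag is redundant next to `a-zA-Z`, and `.` needs no escaping inside a character class. rcmail_attach_emoticons starts before and continues after this hunk.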