diff options
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/include/rcube_message.php | 13 |
2 files changed, 13 insertions, 1 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix handling of attachments with invalid content type (#1487767) - Add workaround for DBMail's bug http://www.dbmail.org/mantis/view.php?id=881 (#1487766) - Use IMAP's ID extension (RFC2971) to print more info into debug log - Security: add optional referer check to prevent CSRF in GET requests diff --git a/program/include/rcube_message.php b/program/include/rcube_message.php index 3a96a0b7b..a8c51cc4e 100644 --- a/program/include/rcube_message.php +++ b/program/include/rcube_message.php @@ -478,10 +478,21 @@ class rcube_message if (!empty($mail_part->filename)) $this->attachments[] = $mail_part; } - // is a regular attachment (content-type name regexp according to RFC4288.4.2) + // regular attachment with valid content type + // (content-type name regexp according to RFC4288.4.2) else if (preg_match('/^[a-z0-9!#$&.+^_-]+\/[a-z0-9!#$&.+^_-]+$/i', $part_mimetype)) { if (!$mail_part->filename) $mail_part->filename = 'Part '.$mail_part->mime_id; + + $this->attachments[] = $mail_part; + } + // attachment with invalid content type + // replace malformed content type with application/octet-stream (#1487767) + else if ($mail_part->filename) { + $mail_part->ctype_primary = 'application'; + $mail_part->ctype_secondary = 'octet-stream'; + $mail_part->mimetype = 'application/octet-stream'; + $this->attachments[] = $mail_part; } } |