From b389252f2b5db908374cd1f839a9d89edec0894d Mon Sep 17 00:00:00 2001 From: alecpl Date: Wed, 9 Feb 2011 12:33:07 +0000 Subject: - Fix handling of attachments with invalid content type (#1487767) --- CHANGELOG | 1 + program/include/rcube_message.php | 13 ++++++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 881779653..90faf4a9c 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix handling of attachments with invalid content type (#1487767) - Add workaround for DBMail's bug http://www.dbmail.org/mantis/view.php?id=881 (#1487766) - Use IMAP's ID extension (RFC2971) to print more info into debug log - Security: add optional referer check to prevent CSRF in GET requests diff --git a/program/include/rcube_message.php b/program/include/rcube_message.php index 3a96a0b7b..a8c51cc4e 100644 --- a/program/include/rcube_message.php +++ b/program/include/rcube_message.php @@ -478,10 +478,21 @@ class rcube_message if (!empty($mail_part->filename)) $this->attachments[] = $mail_part; } - // is a regular attachment (content-type name regexp according to RFC4288.4.2) + // regular attachment with valid content type + // (content-type name regexp according to RFC4288.4.2) else if (preg_match('/^[a-z0-9!#$&.+^_-]+\/[a-z0-9!#$&.+^_-]+$/i', $part_mimetype)) { if (!$mail_part->filename) $mail_part->filename = 'Part '.$mail_part->mime_id; + + $this->attachments[] = $mail_part; + } + // attachment with invalid content type + // replace malformed content type with application/octet-stream (#1487767) + else if ($mail_part->filename) { + $mail_part->ctype_primary = 'application'; + $mail_part->ctype_secondary = 'octet-stream'; + $mail_part->mimetype = 'application/octet-stream'; + $this->attachments[] = $mail_part; } } -- cgit v1.2.3