From b413bb2b6022a67ae87d1f21ef20158400c6365d Mon Sep 17 00:00:00 2001 From: Thomas Bruederli Date: Wed, 10 Apr 2013 23:38:50 +0200 Subject: Set minimal permissions to temp files (#148899) --- plugins/filesystem_attachments/filesystem_attachments.php | 1 + program/lib/Roundcube/rcube_image.php | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/plugins/filesystem_attachments/filesystem_attachments.php b/plugins/filesystem_attachments/filesystem_attachments.php index fa147795f..063f6d5e4 100644 --- a/plugins/filesystem_attachments/filesystem_attachments.php +++ b/plugins/filesystem_attachments/filesystem_attachments.php @@ -60,6 +60,7 @@ class filesystem_attachments extends rcube_plugin $args['id'] = $this->file_id(); $args['path'] = $tmpfname; $args['status'] = true; + @chmod($tmpfname, 0600); // set correct permissions (#148899) // Note the file for later cleanup $_SESSION['plugins']['filesystem_attachments'][$group][] = $tmpfname; diff --git a/program/lib/Roundcube/rcube_image.php b/program/lib/Roundcube/rcube_image.php index a55ba1600..735a0df01 100644 --- a/program/lib/Roundcube/rcube_image.php +++ b/program/lib/Roundcube/rcube_image.php @@ -124,6 +124,7 @@ class rcube_image } if ($result === '') { + @chmod($filename, 0600); return $type; } } @@ -183,6 +184,7 @@ class rcube_image } if ($result) { + @chmod($filename, 0600); return $type; } } @@ -223,6 +225,7 @@ class rcube_image $result = rcube::exec($convert . ' 2>&1 -colorspace RGB -quality 75 {in} {type}:{out}', $p); if ($result === '') { + @chmod($filename, 0600); return true; } } @@ -256,6 +259,7 @@ class rcube_image } if ($result) { + @chmod($filename, 0600); return true; } } -- cgit v1.2.3