From ecc1b3bd5e8d366815b39a5455a267c9f4ad6a19 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 26 Apr 2013 14:25:17 +0200
Subject: Fix possible collision in generated thumbnail cache key (#1489069)

---
 CHANGELOG                  | 1 +
 program/steps/mail/get.inc | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 8258f1de0..e3f6b5165 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix possible collision in generated thumbnail cache key (#1489069)
 - Fix exit code on bootsrap errors in CLI mode (#1489044)
 - Fix error handling in CLI mode, use STDERR and non-empty exit code (#1489043)
 - Fix error when using check_referer=true
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 8218aec73..bcc6f11bc 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -62,9 +62,10 @@ else if ($_GET['_thumb']) {
     $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240);
     $temp_dir       = $RCMAIL->config->get('temp_dir');
     list(,$ext)     = explode('/', $part->mimetype);
-    $cache_basename = $temp_dir . '/' . md5($MESSAGE->headers->messageID . $part->mime_id . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);
-    $cache_file     = $cache_basename . '.' . $ext;
     $mimetype       = $part->mimetype;
+    $file_ident     = $MESSAGE->headers->messageID . ':' . $part->mime_id . ':' . $part->size . ':' . $part->mimetype;
+    $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);
+    $cache_file     = $cache_basename . '.' . $ext;
 
     // render thumbnail image if not done yet
     if (!is_file($cache_file)) {
-- 
cgit v1.2.3