From 2741d8ecedb156773328750be0d09ecc89afa4bd Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Wed, 10 Apr 2013 23:38:50 +0200
Subject: Set minimal permissions to temp files (#148899)

---
 plugins/filesystem_attachments/filesystem_attachments.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'plugins/filesystem_attachments/filesystem_attachments.php')

diff --git a/plugins/filesystem_attachments/filesystem_attachments.php b/plugins/filesystem_attachments/filesystem_attachments.php
index fa147795f..063f6d5e4 100644
--- a/plugins/filesystem_attachments/filesystem_attachments.php
+++ b/plugins/filesystem_attachments/filesystem_attachments.php
@@ -60,6 +60,7 @@ class filesystem_attachments extends rcube_plugin
             $args['id'] = $this->file_id();
             $args['path'] = $tmpfname;
             $args['status'] = true;
+            @chmod($tmpfname, 0600);  // set correct permissions (#148899)
 
             // Note the file for later cleanup
             $_SESSION['plugins']['filesystem_attachments'][$group][] = $tmpfname;
-- 
cgit v1.2.3