Micke/roundcubemail-plugins-kolab
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Don't use file extension from message part to avoid abuse

Browse source
This commit is contained in:
Thomas Bruederli 2013-11-22 08:38:22 +01:00
parent 5df13465a4
commit 3c240fe274
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
plugins/odfviewer/odfviewer.php
View file

@ -74,7 +74,8 @@ class odfviewer extends rcube_plugin
{
if (!$args['download'] && $args['mimetype'] && in_array($args['mimetype'], $this->odf_mimetypes)) {
if (empty($_GET['_load'])) {
$suffix = preg_match('/(\.\w+)$/', $args['part']->filename, $m) ? $m[1] : '.odt';
$exts = rcube_mime::get_mime_extensions($args['mimetype']);
$suffix = $exts ? '.'.$exts[0] : '.odt';
$fn = md5(session_id() . $_SERVER['REQUEST_URI']) . $suffix;
// FIXME: copy file to disk because only apache can send the file correctly