From a694b7ad9eb8033b2ec3d182439c98d8aeaa3721 Mon Sep 17 00:00:00 2001 From: Thomas Bruederli Date: Wed, 23 Oct 2013 14:23:24 +0200 Subject: [PATCH] Only accept zip files if supported; use filename part only for temp file --- plugins/calendar/calendar.php | 2 +- plugins/calendar/lib/calendar_ui.php | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/plugins/calendar/calendar.php b/plugins/calendar/calendar.php index 2ab4e7b6..9a76a796 100644 --- a/plugins/calendar/calendar.php +++ b/plugins/calendar/calendar.php @@ -1014,7 +1014,7 @@ class calendar extends rcube_plugin for ($i = 0; $i < $zip->numFiles; $i++) { $filename = $zip->getNameIndex($i); if (preg_match('/\.ics$/i', $filename)) { - $tmpfile = $tmpdir . '/' . $filename; + $tmpfile = $tmpdir . '/' . basename($filename); if (copy('zip://' . $_FILES['_data']['tmp_name'] . '#'.$filename, $tmpfile)) { $count += $this->import_from_file($tmpfile, $calendar, $rangestart, $errors); unlink($tmpfile); diff --git a/plugins/calendar/lib/calendar_ui.php b/plugins/calendar/lib/calendar_ui.php index 4a08a0ca..009e6c72 100644 --- a/plugins/calendar/lib/calendar_ui.php +++ b/plugins/calendar/lib/calendar_ui.php @@ -536,9 +536,14 @@ class calendar_ui // Get max filesize, enable upload progress bar $max_filesize = rcube_upload_init(); + $accept = '.ics, text/calendar, text/x-vcalendar, application/ics'; + if (class_exists('ZipArchive', false)) { + $accept .= ', .zip, application/zip'; + } + $input = new html_inputfield(array( 'type' => 'file', 'name' => '_data', 'size' => $attrib['uploadfieldsize'], - 'accept' => '.ics, text/calendar, text/x-vcalendar, application/ics, .zip, application/zip')); + 'accept' => $accept)); $select = new html_select(array('name' => '_range', 'id' => 'event-import-range')); $select->add(array(