Branch 'roundcubemail-plugins-kolab-3.1' - plugins/odfviewer
Thomas Brüderli
bruederli at kolabsys.com
Fri Nov 22 08:40:42 CET 2013
plugins/odfviewer/odfviewer.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
New commits:
commit 3aa41ad69388dd57ad84c85c4de118a79fc28276
Author: Thomas Bruederli <bruederli at kolabsys.com>
Date: Fri Nov 22 08:38:22 2013 +0100
Don't use file extension from message part to avoid abuse
diff --git a/plugins/odfviewer/odfviewer.php b/plugins/odfviewer/odfviewer.php
index ebd8bd1..4a57b64 100644
--- a/plugins/odfviewer/odfviewer.php
+++ b/plugins/odfviewer/odfviewer.php
@@ -74,7 +74,8 @@ class odfviewer extends rcube_plugin
{
if (!$args['download'] && $args['mimetype'] && in_array($args['mimetype'], $this->odf_mimetypes)) {
if (empty($_GET['_load'])) {
- $suffix = preg_match('/(\.\w+)$/', $args['part']->filename, $m) ? $m[1] : '.odt';
+ $exts = rcube_mime::get_mime_extensions($args['mimetype']);
+ $suffix = $exts ? '.'.$exts[0] : '.odt';
$fn = md5(session_id() . $_SERVER['REQUEST_URI']) . $suffix;
// FIXME: copy file to disk because only apache can send the file correctly
More information about the commits
mailing list