2 commits - plugins/odfviewer
Thomas Brüderli
bruederli at kolabsys.com
Fri Nov 22 08:40:41 CET 2013
plugins/odfviewer/odfviewer.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
New commits:
commit 084be44d9c0bff834d3b992b58de2b531bd8a52f
Merge: 3c240fe a525da4
Author: Thomas Bruederli <bruederli at kolabsys.com>
Date: Fri Nov 22 08:40:22 2013 +0100
Merge branch 'master' of ssh://git.kolab.org/git/roundcubemail-plugins-kolab
commit 3c240fe274cf57213889c61e46fb737d552866a0
Author: Thomas Bruederli <bruederli at kolabsys.com>
Date: Fri Nov 22 08:38:22 2013 +0100
Don't use file extension from message part to avoid abuse
diff --git a/plugins/odfviewer/odfviewer.php b/plugins/odfviewer/odfviewer.php
index ebd8bd1..4a57b64 100644
--- a/plugins/odfviewer/odfviewer.php
+++ b/plugins/odfviewer/odfviewer.php
@@ -74,7 +74,8 @@ class odfviewer extends rcube_plugin
{
if (!$args['download'] && $args['mimetype'] && in_array($args['mimetype'], $this->odf_mimetypes)) {
if (empty($_GET['_load'])) {
- $suffix = preg_match('/(\.\w+)$/', $args['part']->filename, $m) ? $m[1] : '.odt';
+ $exts = rcube_mime::get_mime_extensions($args['mimetype']);
+ $suffix = $exts ? '.'.$exts[0] : '.odt';
$fn = md5(session_id() . $_SERVER['REQUEST_URI']) . $suffix;
// FIXME: copy file to disk because only apache can send the file correctly
More information about the commits
mailing list