Fix bug where some files could have "executable" extension when stored in temp folder (#1490377)

10 years ago · 03aa84f784
parent df10bd5f2c
commit 03aa84f784
3 changed files with 5 additions and 6 deletions
--- a/1
+++ b/1
@ -28,6 +28,7 @@ CHANGELOG Roundcube Webmail
 - Fix security issue in contact photo handling (#1490379)
 - Fix possible memcache/apc cache data consistency issues (#1490390)
 - Fix bug where imap_conn_options were ignored in IMAP connection test (#1490392)
+- Fix bug where some files could have "executable" extension when stored in temp folder (#1490377)

 RELEASE 1.1.1
 -------------
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@ -2073,16 +2073,15 @@ class rcmail extends rcube
            if (!empty($_GET['_thumbnail'])) {
                $temp_dir       = $this->config->get('temp_dir');
                $thumbnail_size = 80;
-                list(,$ext)     = explode('/', $file['mimetype']);
                $mimetype       = $file['mimetype'];
                $file_ident     = $file['id'] . ':' . $file['mimetype'] . ':' . $file['size'];
                $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $this->user->ID . ':' . $thumbnail_size);
-                $cache_file     = $cache_basename . '.' . $ext;
+                $cache_file     = $cache_basename . '.thumb';

                // render thumbnail image if not done yet
                if (!is_file($cache_file)) {
                    if (!$file['path']) {
-                        $orig_name = $filename = $cache_basename . '.orig.' . $ext;
+                        $orig_name = $filename = $cache_basename . '.tmp';
                        file_put_contents($orig_name, $file['data']);
                    }
                    else {
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@ -78,15 +78,14 @@ else if ($_GET['_thumb']) {
    if ($part = $MESSAGE->mime_parts[$pid]) {
        $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240);
        $temp_dir       = $RCMAIL->config->get('temp_dir');
-        list(,$ext)     = explode('/', $part->mimetype);
        $mimetype       = $part->mimetype;
        $file_ident     = $MESSAGE->headers->messageID . ':' . $part->mime_id . ':' . $part->size . ':' . $part->mimetype;
        $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);
-        $cache_file     = $cache_basename . '.' . $ext;
+        $cache_file     = $cache_basename . '.thumb';

        // render thumbnail image if not done yet
        if (!is_file($cache_file)) {
-            if ($fp = fopen(($orig_name = $cache_basename . '.orig.' . $ext), 'w')) {
+            if ($fp = fopen(($orig_name = $cache_basename . '.tmp'), 'w')) {
                $MESSAGE->get_part_body($part->mime_id, false, 0, $fp);
                fclose($fp);