From 8810b6db0f7ea63313e660203b8519a6ea98e5be Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 10 Aug 2007 16:48:28 +0000
Subject: [PATCH] Check filesize of template includes (#1484409)

---
 CHANGELOG                           | 1 +
 program/include/rcmail_template.inc | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index 6dfbff4e8..75466dd81 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -12,6 +12,7 @@ CHANGELOG RoundCube Webmail
 - Added //IGNORE to iconv call (patch #1484420, closes #1484023)
 - Check if mbstring supports charset (#1484290 and #1484292)
 - Prefer iconv over mbstring (as suggested in #1484292)
+- Check filesize of template includes (#1484409)
 - Updated Simplified Chinese localization
 - Added Ukrainian translation
 
diff --git a/program/include/rcmail_template.inc b/program/include/rcmail_template.inc
index 6057f2af3..1c40c0e96 100644
--- a/program/include/rcmail_template.inc
+++ b/program/include/rcmail_template.inc
@@ -453,7 +453,7 @@ class rcmail_template extends rcube_html_page
       // include a file 
       case 'include':
         $path = realpath($this->config['skin_path'].$attrib['file']);
-        if ($fp = @fopen($path, 'r'))
+        if (filesize($path) && ($fp = @fopen($path, 'r')))
         {
           $incl = fread($fp, filesize($path));
           fclose($fp);