- Fix handling of attachments with invalid content type (#1487767)

CHANGELOG

@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix handling of attachments with invalid content type (#1487767)
 - Add workaround for DBMail's bug http://www.dbmail.org/mantis/view.php?id=881 (#1487766)
 - Use IMAP's ID extension (RFC2971) to print more info into debug log
 - Security: add optional referer check to prevent CSRF in GET requests

program/include/rcube_message.php

@@ -478,10 +478,21 @@ class rcube_message
                         if (!empty($mail_part->filename))
                             $this->attachments[] = $mail_part;
                     }
-                    // is a regular attachment (content-type name regexp according to RFC4288.4.2)
+                    // regular attachment with valid content type
+                    // (content-type name regexp according to RFC4288.4.2)
                     else if (preg_match('/^[a-z0-9!#$&.+^_-]+\/[a-z0-9!#$&.+^_-]+$/i', $part_mimetype)) {
                         if (!$mail_part->filename)
                             $mail_part->filename = 'Part '.$mail_part->mime_id;
+
+                        $this->attachments[] = $mail_part;
+                    }
+                    // attachment with invalid content type
+                    // replace malformed content type with application/octet-stream (#1487767)
+                    else if ($mail_part->filename) {
+                        $mail_part->ctype_primary   = 'application';
+                        $mail_part->ctype_secondary = 'octet-stream';
+                        $mail_part->mimetype        = 'application/octet-stream';
+
                         $this->attachments[] = $mail_part;
                     }
                 }