[Svn] r2877 - trunk/roundcubemail/program/include

trac at roundcube.net trac at roundcube.net
Thu Aug 27 10:08:27 CEST 2009


Author: thomasb
Date: 2009-08-27 03:08:27 -0500 (Thu, 27 Aug 2009)
New Revision: 2877

Modified:
   trunk/roundcubemail/program/include/rcube_message.php
Log:
Only allow images as 'inline' parts; list other parts as attachments if they have a valid mime type

Modified: trunk/roundcubemail/program/include/rcube_message.php
===================================================================
--- trunk/roundcubemail/program/include/rcube_message.php	2009-08-27 07:37:15 UTC (rev 2876)
+++ trunk/roundcubemail/program/include/rcube_message.php	2009-08-27 08:08:27 UTC (rev 2877)
@@ -392,16 +392,17 @@
 
           // part belongs to a related message and is linked
           if ($message_ctype_secondary == 'related'
-	      && ($mail_part->headers['content-id'] || $mail_part->headers['content-location'])) {
+              && preg_match('!^image/!', $mail_part->mimetype)
+              && ($mail_part->headers['content-id'] || $mail_part->headers['content-location'])) {
             if ($mail_part->headers['content-id'])
               $mail_part->content_id = preg_replace(array('/^</', '/>$/'), '', $mail_part->headers['content-id']);
             if ($mail_part->headers['content-location'])
               $mail_part->content_location = $mail_part->headers['content-base'] . $mail_part->headers['content-location'];
-    
+              
             $this->inline_parts[] = $mail_part;
           }
           // is a regular attachment
-          else {
+          else if (preg_match('!^[a-z]+/[a-z0-9-.]+$!i', $mail_part->mimetype)) {
             if (!$mail_part->filename)
               $mail_part->filename = 'Part '.$mail_part->mime_id;
             $this->attachments[] = $mail_part;

_______________________________________________
http://lists.roundcube.net/mailman/listinfo/svn



More information about the Svn mailing list