- Fix handling of attachments with invalid content type (#1487767)

alecpl

2011-02-09 b389252f2b5db908374cd1f839a9d89edec0894d

- Fix handling of attachments with invalid content type (#1487767)

 CHANGELOG

@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================

- Fix handling of attachments with invalid content type (#1487767)
- Add workaround for DBMail's bug http://www.dbmail.org/mantis/view.php?id=881 (#1487766)
- Use IMAP's ID extension (RFC2971) to print more info into debug log
- Security: add optional referer check to prevent CSRF in GET requests

 program/include/rcube_message.php

@@ -478,10 +478,21 @@
                        if (!empty($mail_part->filename))
                            $this->attachments[] = $mail_part;
                    }
                    // is a regular attachment (content-type name regexp according to RFC4288.4.2)
                    // regular attachment with valid content type
                    // (content-type name regexp according to RFC4288.4.2)
                    else if (preg_match('/^[a-z0-9!#$&.+^_-]+\/[a-z0-9!#$&.+^_-]+$/i', $part_mimetype)) {
                        if (!$mail_part->filename)
                            $mail_part->filename = 'Part '.$mail_part->mime_id;

                        $this->attachments[] = $mail_part;
                    }
                    // attachment with invalid content type
                    // replace malformed content type with application/octet-stream (#1487767)
                    else if ($mail_part->filename) {
                        $mail_part->ctype_primary   = 'application';
                        $mail_part->ctype_secondary = 'octet-stream';
                        $mail_part->mimetype        = 'application/octet-stream';

                        $this->attachments[] = $mail_part;
                    }
                }