From 6ccd4c54bcc4cb77365defabe8bbe7d10b2620d4 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Thu, 07 May 2015 03:02:29 -0400 Subject: [PATCH] Fix security issue in contact photo handling (#1490379) --- program/steps/addressbook/photo.inc | 5 ----- 1 files changed, 0 insertions(+), 5 deletions(-) diff --git a/program/steps/addressbook/photo.inc b/program/steps/addressbook/photo.inc index 30d09ff..cd0ddd7 100644 --- a/program/steps/addressbook/photo.inc +++ b/program/steps/addressbook/photo.inc @@ -80,11 +80,6 @@ $RCMAIL->output->redirect($data); } -// deliver alt image -if (!$data && ($alt_img = rcube_utils::get_input_value('_alt', rcube_utils::INPUT_GPC)) && is_file($alt_img)) { - $data = file_get_contents($alt_img); -} - // cache for one day if requested by email if (!$cid && $email) { $RCMAIL->output->future_expire_header(86400); -- Gitblit v1.9.1