From 6ccd4c54bcc4cb77365defabe8bbe7d10b2620d4 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 07 May 2015 03:02:29 -0400
Subject: [PATCH] Fix security issue in contact photo handling (#1490379)

---
 program/steps/addressbook/photo.inc |    5 -----
 1 files changed, 0 insertions(+), 5 deletions(-)

diff --git a/program/steps/addressbook/photo.inc b/program/steps/addressbook/photo.inc
index 30d09ff..cd0ddd7 100644
--- a/program/steps/addressbook/photo.inc
+++ b/program/steps/addressbook/photo.inc
@@ -80,11 +80,6 @@
     $RCMAIL->output->redirect($data);
 }
 
-// deliver alt image
-if (!$data && ($alt_img = rcube_utils::get_input_value('_alt', rcube_utils::INPUT_GPC)) && is_file($alt_img)) {
-    $data = file_get_contents($alt_img);
-}
-
 // cache for one day if requested by email
 if (!$cid && $email) {
     $RCMAIL->output->future_expire_header(86400);

--
Gitblit v1.9.1