From d7fcd8ce422a24f794d18e2212163690bf3ca753 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 26 Apr 2013 08:25:17 -0400
Subject: [PATCH] Fix possible collision in generated thumbnail cache key (#1489069)

---
 CHANGELOG                  |    1 +
 program/steps/mail/get.inc |    5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 7606e53..a05d1fb 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix possible collision in generated thumbnail cache key (#1489069)
 - Fix exit code on bootsrap errors in CLI mode (#1489044)
 - Fix error handling in CLI mode, use STDERR and non-empty exit code (#1489043)
 - Fix error when using check_referer=true
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 8218aec..bcc6f11 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -62,9 +62,10 @@
     $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240);
     $temp_dir       = $RCMAIL->config->get('temp_dir');
     list(,$ext)     = explode('/', $part->mimetype);
-    $cache_basename = $temp_dir . '/' . md5($MESSAGE->headers->messageID . $part->mime_id . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);
-    $cache_file     = $cache_basename . '.' . $ext;
     $mimetype       = $part->mimetype;
+    $file_ident     = $MESSAGE->headers->messageID . ':' . $part->mime_id . ':' . $part->size . ':' . $part->mimetype;
+    $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);
+    $cache_file     = $cache_basename . '.' . $ext;
 
     // render thumbnail image if not done yet
     if (!is_file($cache_file)) {

--
Gitblit v1.9.1