From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 plugins/zipdownload/zipdownload.php |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/plugins/zipdownload/zipdownload.php b/plugins/zipdownload/zipdownload.php
index de58881..443fef7 100644
--- a/plugins/zipdownload/zipdownload.php
+++ b/plugins/zipdownload/zipdownload.php
@@ -105,7 +105,7 @@
 		foreach ($message->attachments as $part) {
 			$pid = $part->mime_id;
 			$part = $message->mime_parts[$pid];
-			$disp_name = $this->_convert_filename($part->filename, $part->charset);
+			$disp_name = $this->_convert_filename($part->filename);
 
 			if ($part->body) {
 				$orig_message_raw = $part->body;
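Review bot: The call `$this->_convert_filename($part->filename)` now depends on `$part->filename` already being in RCUBE_CHARSET, and nothing visible in the hunk says where that decoding happens. If the message parser guarantees it, a short comment such as `// filename is already decoded to RCUBE_CHARSET when the message is parsed` would stop a later reader from re-adding the per-part charset. That guarantee is inferred rather than shown here, so confirm it before adding the comment. The loop body continues outside the hunk.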
@@ -258,9 +258,9 @@
 	/**
 	 * Helper function to convert filenames to the configured charset
 	 */
-	private function _convert_filename($str, $from = RCMAIL_CHARSET)
+	private function _convert_filename($str)
 	{
-        $str = rcube_charset::convert($str, $from == '' ? RCUBE_CHARSET : $from, $this->charset);
+        $str = rcube_charset::convert($str, RCUBE_CHARSET, $this->charset);
 
 		return strtr($str, array(':'=>'', '/'=>'-'));
 	}
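Review bot: `_convert_filename()` only removes `:` and rewrites `/`, so a sender-chosen attachment name can still carry backslashes, control characters or a leading dot into whatever consumes the result. How `$disp_name` is used lies outside this diff, but if it becomes an archive entry name, some extractors treat `\` as a path separator; consider `return strtr($str, array(':'=>'', '/'=>'-', '\\'=>'-'));` and also stripping bytes below 0x20. The docblock should say which characters are replaced and that the input is expected in RCUBE_CHARSET. The changed `rcube_charset::convert` line is indented with spaces while the rest of the method uses tabs.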

--
Gitblit v1.9.1