diff options
| author | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2010-07-06 10:38:58 +0000 |
|---|---|---|
| committer | alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2010-07-06 10:38:58 +0000 |
| commit | 1ae7bba637456278418d0b2a92d17d7fb5c911d6 (patch) | |
| tree | 0d9221caf5ea19c780a1b08289a8fe0a704fa283 | |
| parent | 205ef9ba0fa704d5a3023a3b113d85d6424764ea (diff) | |
- Make sure attachment name doesn't contain \r\n (#1486832)
git-svn-id: https://svn.roundcube.net/trunk@3804 208e9e7b-5314-0410-a742-e7e81cd9613c
| -rw-r--r-- | roundcubemail/program/steps/mail/get.inc | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/roundcubemail/program/steps/mail/get.inc b/roundcubemail/program/steps/mail/get.inc index 9ebdf4367..67c62b284 100644 --- a/roundcubemail/program/steps/mail/get.inc +++ b/roundcubemail/program/steps/mail/get.inc @@ -55,7 +55,7 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) { $ctype_primary = strtolower($part->ctype_primary); $ctype_secondary = strtolower($part->ctype_secondary); $mimetype = sprintf('%s/%s', $ctype_primary, $ctype_secondary); - + $browser = new rcube_browser; // send download headers @@ -84,20 +84,21 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) { else { // don't kill the connection if download takes more than 30 sec. @set_time_limit(0); - + $filename = $part->filename ? $part->filename : ($MESSAGE->subject ? $MESSAGE->subject : 'roundcube') . '.'.$ctype_secondary; - + $filename = preg_replace('[\r\n]', '', $filename); + if ($browser->ie && $browser->ver < 7) $filename = rawurlencode(abbreviate_string($filename, 55)); else if ($browser->ie) $filename = rawurlencode($filename); else $filename = addcslashes($filename, '"'); - + $disposition = !empty($_GET['_download']) ? 'attachment' : 'inline'; - + header("Content-Disposition: $disposition; filename=\"$filename\""); - + // turn off output buffering and print part content if ($part->body) echo $part->body; |