From d2131a9fafcfe5a3ec36792616d1896fb94a9ca9 Mon Sep 17 00:00:00 2001
From: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Fri, 10 Aug 2007 16:48:28 +0000
Subject: Check filesize of template includes (#1484409)

git-svn-id: https://svn.roundcube.net/trunk@674 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 roundcubemail/CHANGELOG                           | 1 +
 roundcubemail/program/include/rcmail_template.inc | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/roundcubemail/CHANGELOG b/roundcubemail/CHANGELOG
index 6dfbff4e8..75466dd81 100644
--- a/roundcubemail/CHANGELOG
+++ b/roundcubemail/CHANGELOG
@@ -12,6 +12,7 @@ CHANGELOG RoundCube Webmail
 - Added //IGNORE to iconv call (patch #1484420, closes #1484023)
 - Check if mbstring supports charset (#1484290 and #1484292)
 - Prefer iconv over mbstring (as suggested in #1484292)
+- Check filesize of template includes (#1484409)
 - Updated Simplified Chinese localization
 - Added Ukrainian translation
 
diff --git a/roundcubemail/program/include/rcmail_template.inc b/roundcubemail/program/include/rcmail_template.inc
index 6057f2af3..1c40c0e96 100644
--- a/roundcubemail/program/include/rcmail_template.inc
+++ b/roundcubemail/program/include/rcmail_template.inc
@@ -453,7 +453,7 @@ class rcmail_template extends rcube_html_page
       // include a file 
       case 'include':
         $path = realpath($this->config['skin_path'].$attrib['file']);
-        if ($fp = @fopen($path, 'r'))
+        if (filesize($path) && ($fp = @fopen($path, 'r')))
         {
           $incl = fread($fp, filesize($path));
           fclose($fp);        
-- 
cgit v1.2.3