From 5162b20986ca728f23fbf1ccbbd5100e4eeb2a13 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Sun, 20 Nov 2016 12:35:31 +0100 Subject: [PATCH] Fix missing content check when image resize fails on attachment thumbnail generation (#5485) --- CHANGELOG | 1 + program/steps/mail/get.inc | 27 ++++++++++++++------------- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index ec926417532..b33a894f18a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -14,6 +14,7 @@ CHANGELOG Roundcube Webmail Added memcache_max_allowed_packet and apc_max_allowed_packet settings (#5452) - Fix "Illegal string offset" warning in rcube::log_bug() on PHP 7.1 (#5508) - Fix storing "empty" values in rcube_cache/rcube_cache_shared (#5519) +- Fix missing content check when image resize fails on attachment thumbnail generation (#5485) RELEASE 1.2.2 ------------- diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index f81bdc5757d..9272d29c2ca 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -72,7 +72,7 @@ if (!empty($_GET['_frame'])) { } // render thumbnail of an image attachment -else if ($_GET['_thumb']) { +if ($_GET['_thumb']) { $pid = rcube_utils::get_input_value('_part', rcube_utils::INPUT_GET); if ($part = $MESSAGE->mime_parts[$pid]) { $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240); @@ -93,26 +93,27 @@ else if ($_GET['_thumb']) { $mimetype = 'image/' . $imgtype; unlink($orig_name); } - else if (stripos($mimetype, 'image/svg') === 0) { - $content = rcmail_svg_filter(file_get_contents($orig_name)); - file_put_contents($cache_file, $content); - unlink($orig_name); - } else { - rename($orig_name, $cache_file); + // Resize failed, we need to check the file mimetype + // So, we do not exit here, but goto generic file body handler below + $_GET['_thumb'] = 0; + $_REQUEST['_embed'] = 1; } } } - if (is_file($cache_file)) { - header('Content-Type: ' . $mimetype); - readfile($cache_file); + if (!empty($_GET['_thumb'])) { + if (is_file($cache_file)) { + header('Content-Type: ' . $mimetype); + readfile($cache_file); + } + + exit; } } - - exit; } -else if (strlen($part_id)) { + +if (strlen($part_id)) { if ($part = $MESSAGE->mime_parts[$part_id]) { $mimetype = rcmail_fix_mimetype($part->mimetype);