summaryrefslogtreecommitdiff
path: root/plugins/odfviewer
diff options
context:
space:
mode:
authorThomas Bruederli <bruederli@kolabsys.com>2013-11-22 07:38:22 (GMT)
committerThomas Bruederli <bruederli@kolabsys.com>2013-11-22 07:38:22 (GMT)
commit3c240fe274cf57213889c61e46fb737d552866a0 (patch)
tree8fa1a6353c0c57062ea052d2daff7ff5656f5683 /plugins/odfviewer
parent5df13465a49a2305f1fbae7882d152d49b133f3d (diff)
downloadroundcubemail-plugins-kolab-3c240fe274cf57213889c61e46fb737d552866a0.tar.gz
Don't use file extension from message part to avoid abuse
Diffstat (limited to 'plugins/odfviewer')
-rw-r--r--plugins/odfviewer/odfviewer.php3
1 files changed, 2 insertions, 1 deletions
diff --git a/plugins/odfviewer/odfviewer.php b/plugins/odfviewer/odfviewer.php
index ebd8bd1..4a57b64 100644
--- a/plugins/odfviewer/odfviewer.php
+++ b/plugins/odfviewer/odfviewer.php
@@ -74,7 +74,8 @@ class odfviewer extends rcube_plugin
{
if (!$args['download'] && $args['mimetype'] && in_array($args['mimetype'], $this->odf_mimetypes)) {
if (empty($_GET['_load'])) {
- $suffix = preg_match('/(\.\w+)$/', $args['part']->filename, $m) ? $m[1] : '.odt';
+ $exts = rcube_mime::get_mime_extensions($args['mimetype']);
+ $suffix = $exts ? '.'.$exts[0] : '.odt';
$fn = md5(session_id() . $_SERVER['REQUEST_URI']) . $suffix;
// FIXME: copy file to disk because only apache can send the file correctly