- --- squirrelmail.stable/squirrelmail/class/deliver/Deliver.class.php 2017-01-27 21:31:33.000000000 +0100
- +++ htdocs/class/deliver/Deliver.class.php 2018-03-14 17:21:10.320000000 +0100
- @@ -281,6 +281,7 @@
- global $username, $attachment_dir;
- $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
- $filename = $message->att_local_name;
- + if(!ctype_alnum($filename)) die();
- // inspect attached file for lines longer than allowed by RFC,
- // in which case we'll be using base64 encoding (so we can split
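Review bot: The guard added after `$filename = $message->att_local_name;` ends the request with a bare `die()`, so a rejected attachment name leaves no log entry and the user gets an empty response with no indication of why sending failed; the identical line is repeated in the second hunk at -339. `ctype_alnum()` also interprets an integer argument as a character code rather than as a string (passing non-strings is deprecated since PHP 8.1), so the check is only well-defined when the value is a string: `if (!is_string($filename) || !ctype_alnum($filename)) { error_log('rejected attachment name'); die(); }`. Because both sites need exactly the same test before building a path under `$hashed_attachment_dir`, a small shared helper would keep them from drifting apart. The enclosing function starts and ends outside the hunk, so whether it has a gentler error path than `die()` cannot be seen from here.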
- @@ -339,6 +340,7 @@
- global $username, $attachment_dir;
- $hashed_attachment_dir = getHashedDir($username, $attachment_dir);
- $filename = $message->att_local_name;
- + if(!ctype_alnum($filename)) die();
- $file = fopen ($hashed_attachment_dir . '/' . $filename, 'rb');
- while ($tmp = fread($file, 570)) {
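Review bot: The result of `fopen()` is passed to `fread($file, 570)` without a check, so a name that passes the new `ctype_alnum()` guard but does not exist or is unreadable under `$hashed_attachment_dir` is not handled at this point. On older PHP versions this yields a warning and an empty attachment body, and on PHP 8 `fread(false, …)` raises a `TypeError`. A test such as `if ($file === false) { error_log('attachment file could not be opened'); die(); }` before the loop would make the failure explicit and consistent with the guard above it. The rest of the loop and the function's own error handling are outside the hunk.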