From b413bb2b6022a67ae87d1f21ef20158400c6365d Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Wed, 10 Apr 2013 17:38:50 -0400
Subject: [PATCH] Set minimal permissions to temp files (#148899)

---
 plugins/filesystem_attachments/filesystem_attachments.php |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/plugins/filesystem_attachments/filesystem_attachments.php b/plugins/filesystem_attachments/filesystem_attachments.php
index fa14779..063f6d5 100644
--- a/plugins/filesystem_attachments/filesystem_attachments.php
+++ b/plugins/filesystem_attachments/filesystem_attachments.php
@@ -60,6 +60,7 @@
             $args['id'] = $this->file_id();
             $args['path'] = $tmpfname;
             $args['status'] = true;
+            @chmod($tmpfname, 0600);  // set correct permissions (#148899)
 
             // Note the file for later cleanup
             $_SESSION['plugins']['filesystem_attachments'][$group][] = $tmpfname;

--
Gitblit v1.9.1