From 73b3a0627fe093f5ee1b9536f93648571a3bf971 Mon Sep 17 00:00:00 2001 From: Moritz Bunkus Date: Thu, 2 Mar 2017 15:11:27 +0100 Subject: [PATCH] =?utf8?q?Mailer:=20Attribut=20=C2=BBpath=C2=AB=20bei=20?= =?utf8?q?=C2=BBContent-Type=C2=AB=20nicht=20setzen?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Darin steht der Pfad auf dem lokalen System und ist damit ein information leak, z.B. /var/www/kundenname/kivitendo/files/… --- SL/Mailer.pm | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/SL/Mailer.pm b/SL/Mailer.pm index 0783d33a4..c931dd319 100644 --- a/SL/Mailer.pm +++ b/SL/Mailer.pm @@ -139,7 +139,6 @@ sub _create_attachment_part { $::lxdebug->message(LXDebug->DEBUG2(), "mail5 att=" . $attachment . " email_journal=" . $email_journal . " id=" . $attachment->{id}); if (ref($attachment) eq "HASH") { - $attributes{Path} = $attachment->{path} || $attachment->{filename}; $attributes{filename} = $attachment->{name}; $file_id = $attachment->{id} || '0'; $attributes{content_type} = $attachment->{type} || 'application/pdf'; @@ -147,8 +146,6 @@ sub _create_attachment_part { $attachment_content = eval { read_file($attachment->{path}) } if !$attachment_content; } else { - # strip path - $attributes{Path} = $attachment; $attributes{filename} = $attachment; $attributes{filename} =~ s:.*\Q$self->{fileid}\E:: if $self->{fileid}; $attributes{filename} =~ s:.*/::g; @@ -165,7 +162,7 @@ sub _create_attachment_part { $attachment_content ||= ' '; $attributes{charset} = $self->{charset} if $self->{charset}; - $::lxdebug->message(LXDebug->DEBUG2(), "mail6 mtype=" . $attributes{Type} . " path=" . $attributes{Path} . " filename=" . $attributes{Filename}); + $::lxdebug->message(LXDebug->DEBUG2(), "mail6 mtype=" . $attributes{Type} . " filename=" . $attributes{Filename}); my $ent; if ( $attributes{content_type} eq 'message/rfc822' ) { -- 2.20.1