Permalink
Browse files

Merge branch 'aydreeihn/issue/attachment_downloads' into release/v1.10.2

* aydreeihn/issue/attachment_downloads:
  Exclude Vulnerable Image Files
  Only allow image attachments to be opened in the browser window
  • Loading branch information...
JediKev committed Mar 20, 2018
2 parents 9dd9183 + 4f408b8 commit 4c79ff8386da1b6172c438c4d08b48f6a0c7f7c0
Showing with 3 additions and 0 deletions.
  1. +3 −0 include/class.http.php
View
@@ -106,6 +106,9 @@ function getDispositionFilename($filename) {
}
function download($filename, $type, $data=null, $disposition='attachment') {
if (strpos($type, 'image/') !== 0 || preg_match('/image\/.*\+.*/', $type))
$disposition='attachment';
header('Pragma: private');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Cache-Control: private', false);

0 comments on commit 4c79ff8

Please sign in to comment.