-
Bug
-
Resolution: Fixed
-
Blocker
-
3.0.10
-
None
-
None
In download/file.php we have special code that deals with IE8 for attachments/avatar display.
// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
|
$is_ie8= (strpos(strtolower($user->browser), 'msie 8.0') !== false);
|
if (empty($user->browser) || (!$is_ie8 && (strpos(strtolower($user->browser), 'msie') !== false)))
|
{
|
header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
|
...
|
}
|
else
|
{
|
header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
|
...
|
}
|
This means that when you visit an attachment directly its downloaded in IE9 and not displayed in the browser like in IE8. The check should be changed so it just uses download for IE <8 if that is not a security risk.
- caused
-
-
- Closed
-