diff options
| author | Aleksander Machniak <alec@alec.pl> | 2012-12-05 09:46:03 +0100 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2012-12-05 09:46:44 +0100 |
| commit | 4163511314f54462e0786916bd8683f894fa1885 (patch) | |
| tree | 1f01260c17589479e5cefa1b7cde977cd336fad2 | |
| parent | 9019025222470462ea075560c287af4f260cdd8f (diff) | |
Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844)
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | program/steps/mail/get.inc | 7 |
2 files changed, 8 insertions, 0 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844) - Fix XSS vulnerability in vbscript: and data:text links handling (#1488850) - Fix absolute positioning in HTML messages (#1488819) - Fix keybord events on messages list in opera browser (#1488823) diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index 924433df3..2cc2f12ca 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -150,6 +150,13 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) { $disposition = !empty($plugin['download']) ? 'attachment' : 'inline'; + // Workaround for nasty IE bug (#1488844) + // If Content-Disposition header contains string "attachment" e.g. in filename + // IE handles data as attachment not inline + if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) { + $filename = str_ireplace('attachment', 'attach', $filename); + } + header("Content-Disposition: $disposition; filename=\"$filename\""); // do content filtering to avoid XSS through fake images |