summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2012-12-05 09:46:03 +0100
committerAleksander Machniak <alec@alec.pl>2012-12-05 09:46:44 +0100
commit4163511314f54462e0786916bd8683f894fa1885 (patch)
tree1f01260c17589479e5cefa1b7cde977cd336fad2
parent9019025222470462ea075560c287af4f260cdd8f (diff)
Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844)
-rw-r--r--CHANGELOG1
-rw-r--r--program/steps/mail/get.inc7
2 files changed, 8 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index bc8b902e5..5eceea611 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844)
- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)
- Fix absolute positioning in HTML messages (#1488819)
- Fix keybord events on messages list in opera browser (#1488823)
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 924433df3..2cc2f12ca 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -150,6 +150,13 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
$disposition = !empty($plugin['download']) ? 'attachment' : 'inline';
+ // Workaround for nasty IE bug (#1488844)
+ // If Content-Disposition header contains string "attachment" e.g. in filename
+ // IE handles data as attachment not inline
+ if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) {
+ $filename = str_ireplace('attachment', 'attach', $filename);
+ }
+
header("Content-Disposition: $disposition; filename=\"$filename\"");
// do content filtering to avoid XSS through fake images