diff options
| author | thomascube <thomas@roundcube.net> | 2007-08-10 08:27:40 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2007-08-10 08:27:40 +0000 |
| commit | 719a257f0c8fd750a4984ed56273dc653565729e (patch) | |
| tree | 2707636618edff63d691180a99a48cbdda350703 /program/steps/mail/get.inc | |
| parent | 4b9efbb9f49911b17bde2d46b86df825e987101e (diff) | |
Some bugfixes, security issues + minor improvements
Diffstat (limited to 'program/steps/mail/get.inc')
| -rw-r--r-- | program/steps/mail/get.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index 11688f125..cbf8e0c88 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -29,7 +29,7 @@ if ($_GET['_preload']) $message = rcube_label('loadingdata'); print "<html>\n<head>\n" . - '<meta http-equiv="refresh" content="0; url='.htmlspecialchars($url).'">' . + '<meta http-equiv="refresh" content="0; url='.Q($url).'">' . "\n</head>\n<body>" . $message . "\n</body>\n</html>"; @@ -107,7 +107,7 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) else { header(sprintf('Content-Disposition: %s; filename="%s";', - $part->disposition ? $part->disposition : 'attachment', + $_GET['_download'] ? 'attachment' : 'inline', $part->filename ? $part->filename : "roundcube.$ctype_secondary")); // turn off output buffering and print part content |