3 files changed, 158 insertions, 7 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index eee2090da0..3a28f282bd 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -279,7 +279,7 @@ else if ($download_id)
 		phpbb_increment_downloads($db, $attachment['attach_id']);
 	}
 
-	if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
+	if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && !phpbb_is_greater_ie_version($user->browser, 7))
 	{
 		wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
 		file_gc();
diff --git a/phpBB/includes/functions_download.php b/phpBB/includes/functions_download.php
index ee4e2f5135..14bba369c9 100644
--- a/phpBB/includes/functions_download.php
+++ b/phpBB/includes/functions_download.php
@@ -46,7 +46,7 @@ function send_avatar_to_browser($file, $browser)
 		$image_data = @getimagesize($file_path);
 		header('Content-Type: ' . image_type_to_mime_type($image_data[2]));
 
-		if (strpos(strtolower($browser), 'msie') !== false && strpos(strtolower($browser), 'msie 8.0') === false)
+		if (!phpbb_is_greater_ie_version($browser, 7))
 		{
 			header('Content-Disposition: attachment; ' . header_filename($file));
 
@@ -174,10 +174,9 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	header('Pragma: public');
 
 	// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
-	$is_ie8 = (strpos(strtolower($user->browser), 'msie 8.0') !== false);
 	header('Content-Type: ' . $attachment['mimetype']);
 
-	if ($is_ie8)
+	if (phpbb_is_greater_ie_version($user->browser, 7))
 	{
 		header('X-Content-Type-Options: nosniff');
 	}
@@ -189,7 +188,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 	}
 	else
 	{
-		if (empty($user->browser) || (!$is_ie8 && (strpos(strtolower($user->browser), 'msie') !== false)))
+		if (empty($user->browser) || !phpbb_is_greater_ie_version($user->browser, 7))
 		{
 			header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
 			if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
@@ -200,7 +199,7 @@ function send_file_to_browser($attachment, $upload_dir, $category)
 		else
 		{
 			header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
-			if ($is_ie8 && (strpos($attachment['mimetype'], 'image') !== 0))
+			if (phpbb_is_greater_ie_version($user->browser, 7) && (strpos($attachment['mimetype'], 'image') !== 0))
 			{
 				header('X-Download-Options: noopen');
 			}
@@ -410,7 +409,8 @@ function set_modified_headers($stamp, $browser)
 
 	// let's see if we have to send the file at all
 	$last_load 	=  $request->header('Modified-Since') ? strtotime(trim($request->header('Modified-Since'))) : false;
-	if ((strpos(strtolower($browser), 'msie 6.0') === false) && (strpos(strtolower($browser), 'msie 8.0') === false))
+
+	if (strpos(strtolower($browser), 'msie 6.0') === false && !phpbb_is_greater_ie_version($browser, 7))
 	{
 		if ($last_load !== false && $last_load >= $stamp)
 		{
@@ -721,3 +721,24 @@ function phpbb_download_clean_filename($filename)
 
 	return $filename;
 }
+
+/**
+* Check if the browser is internet explorer version 7+
+*
+* @param string $user_agent	User agent HTTP header
+* @param int $version IE version to check against
+*
+* @return bool true if internet explorer version is greater than $version
+*/
+function phpbb_is_greater_ie_version($user_agent, $version)
+{
+	if (preg_match('/msie (\d+)/', strtolower($user_agent), $matches))
+	{
+		$ie_version = (int) $matches[1];
+		return ($ie_version > $version);
+	}
+	else
+	{
+		return false;
+	}
+}
diff --git a/tests/download/http_user_agent_test.php b/tests/download/http_user_agent_test.php
new file mode 100644
index 0000000000..166a186913
--- /dev/null
+++ b/tests/download/http_user_agent_test.php
@@ -0,0 +1,130 @@
+<?php
+/**
+*
+* @package testing
+* @copyright (c) 2013 phpBB Group
+* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
+*
+*/
+
+require_once dirname(__FILE__) . '/../../phpBB/includes/functions_download.php';
+
+class phpbb_download_http_user_agent_test extends phpbb_test_case
+{
+	public function user_agents_check_greater_ie_version()
+	{
+		return array(
+			// user agent
+			// IE version
+			// expected
+			array(
+				'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)',
+				7,
+				true,
+			),
+			array(
+				'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
+				7,
+				true,
+			),
+			array(
+				'Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)',
+				7,
+				true,
+			),
+			array(
+				'Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)',
+				7,
+				false,
+			),
+			array(
+				'Mozilla/4.0 (compatible; MSIE 6.1; Windows XP; .NET CLR 1.1.4322; .NET CLR 2.0.50727)',
+				7,
+				false,
+			),
+			array(
+				'Mozilla/4.0 (compatible; MSIE 6.01; Windows NT 6.0)',
+				7,
+				false,
+			),
+			array(
+				'Mozilla/5.0 (Windows; U; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)',
+				7,
+				false,
+			),
+			array(
+				'Mozilla/5.0 (Windows NT 6.2; Win64; x64;) Gecko/20100101 Firefox/20.0',
+				7,
+				false,
+			),
+			array(
+				'Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1464.0 Safari/537.36',
+				7,
+				false,
+			),
+			array(
+				'Googlebot-Image/1.0',
+				7,
+				false,
+			),
+			array(
+				'Googlebot/2.1 ( http://www.google.com/bot.html)',
+				7,
+				false,
+			),
+			array(
+				'Lynx/2.8.3dev.9 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.6',
+				7,
+				false,
+			),
+			array(
+				'Links (0.9x; Linux 2.4.7-10 i686)',
+				7,
+				false,
+			),
+			array(
+				'Opera/9.60 (Windows NT 5.1; U; de) Presto/2.1.1',
+				7,
+				false,
+			),
+			array(
+				'Mozilla/4.0 (compatible; MSIE 5.0; Windows NT;)',
+				7,
+				false,
+			),
+			array(
+				'Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 4.0) Opera 6.01 [en]',
+				7,
+				false,
+			),
+			array(
+				'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.24',
+				7,
+				false,
+			),
+			array(
+				'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)',
+				8,
+				true,
+			),
+			array(
+				'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
+				9,
+				true,
+			),
+			array(
+				'Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)',
+				10,
+				false,
+			),
+		);
+	}
+
+	/**
+	* @dataProvider user_agents_check_greater_ie_version
+	*/
+	public function test_is_greater_ie_version($user_agent, $version, $expected)
+	{
+		$this->assertEquals($expected, phpbb_is_greater_ie_version($user_agent, $version));
+	}
+}