authorHenry Sudhof <kellanved@phpbb.com>2008-08-28 13:10:05 +0000
committerHenry Sudhof <kellanved@phpbb.com>2008-08-28 13:10:05 +0000
commit761897cb1c778e4be19aeaabe70f81a7c47ef40e (patch)
treeda370e44d968a0d8d4eee4903d6e27ff1f1e5f07 /phpBB/download
parent68dfc03841facd5c66fd023981e924989b376bb1 (diff)
Getting ready for IE8, which finally improves security a bit. Let's allow our users to benefit from that.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8792 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/download')
-rw-r--r--phpBB/download/file.php17
1 files changed, 12 insertions, 5 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index dc3a14eb4c..a89f05b8cf 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -15,6 +15,8 @@ define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
+
+// Thank you sun.
if (isset($_SERVER['CONTENT_TYPE']))
{
if ($_SERVER['CONTENT_TYPE'] === 'application/x-java-archive')
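Review bot: The added comment `// Thank you sun.` does not say what the `application/x-java-archive` check under it protects against, and the body of that check lies outside this hunk, so the reason cannot be recovered from here. Since this is the entry point of the download script, the comment should name the behaviour being guarded and point to the bug or advisory, for example `// Requests arriving with Content-Type application/x-java-archive get special handling: <reason, bug or advisory reference>`. Whoever audits this file later needs to know whether the guard is still required.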
@@ -273,7 +275,7 @@ else if (($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT
$db->sql_query($sql);
}
-if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && strpos(strtolower($user->browser), 'msie') !== false)
+if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
{
wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
}
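Review bot: `strtolower($user->browser)` is now evaluated twice in this condition, and the same `'msie'` / `'msie 8.0'` pair is repeated in send_avatar_to_browser, send_file_to_browser and set_modified_headers, so the four copies can drift apart. Computing it once, e.g. `$browser_lc = strtolower($user->browser);` followed by `$legacy_ie = strpos($browser_lc, 'msie') !== false && strpos($browser_lc, 'msie 8.0') === false;`, keeps the decision about which clients get the HTML wrapper in one place. The match is pinned to the literal `8.0`, so every other version string keeps the wrapper. A short comment stating that this is the intended safe default would help.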
@@ -330,7 +332,7 @@ function send_avatar_to_browser($file, $browser)
$image_data = @getimagesize($file_path);
header('Content-Type: ' . image_type_to_mime_type($image_data[2]));
- if (strpos(strtolower($browser), 'msie') !== false)
+ if (strpos(strtolower($browser), 'msie') !== false && strpos(strtolower($browser), 'msie 8.0') === false)
{
header('Content-Disposition: attachment; ' . header_filename($file));
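Review bot: With the new condition an IE8 client receives the avatar without `Content-Disposition: attachment`, but nothing in the visible part of send_avatar_to_browser tells the browser to keep to the declared `Content-Type`. The attachment path in send_file_to_browser at least adds a parameter for that, so the two paths are inconsistent. If the intent is to rely on IE8 not sniffing the body, send the matching instruction here too, e.g. `header('X-Content-Type-Options: nosniff');` next to the Content-Type line. The function starts and ends outside this hunk.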
@@ -460,9 +462,10 @@ function send_file_to_browser($attachment, $upload_dir, $category)
*/
// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
- header('Content-Type: ' . $attachment['mimetype']);
+ $is_ie8 = (strpos(strtolower($user->browser), 'msie 8.0') !== false);
+ header('Content-Type: ' . $attachment['mimetype'] . (($is_ie8) ? '; authoritative=true;' : ''));
- if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie') !== false))
+ if (empty($user->browser) || (!$is_ie8 && (strpos(strtolower($user->browser), 'msie') !== false)))
{
header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
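Review bot: The `'; authoritative=true;'` suffix ends in a stray semicolon, which leaves an empty parameter in the Content-Type header, and the inline path for IE8 now depends entirely on that one parameter being honoured. As far as I know `authoritative=true` was only recognised by pre-release IE8 builds and the released browser uses a separate response header instead, so this should be checked against the shipping version. The header form would be `header('X-Content-Type-Options: nosniff');` sent alongside an unmodified `header('Content-Type: ' . $attachment['mimetype']);`. `$is_ie8` is read again in the hunk at -473, and send_file_to_browser starts and ends outside this hunk.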
@@ -473,6 +476,10 @@ function send_file_to_browser($attachment, $upload_dir, $category)
else
{
header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
+ if ($is_ie8 && (strpos($attachment['mimetype'], 'image') !== 0))
+ {
+ header('X-Download-Options: noopen');
+ }
}
if ($size)
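Review bot: `X-Download-Options: noopen` is gated on `$is_ie8`, which comes from a substring match on the client-supplied User-Agent, so a browser that understands the header but reports any other version string never receives it. Clients that do not know the header ignore it, so the browser test can be dropped and the condition reduced to `if (strpos($attachment['mimetype'], 'image') !== 0)`. That keeps the protection for non-image attachments independent of how the user agent is parsed. The enclosing function continues outside this hunk.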
@@ -645,7 +652,7 @@ function set_modified_headers($stamp, $browser)
{
// let's see if we have to send the file at all
$last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
- if (strpos(strtolower($browser), 'msie 6.0') === false)
+ if ((strpos(strtolower($browser), 'msie 6.0') === false) && (strpos(strtolower($browser), 'msie 8.0') === false))
{
if ($last_load !== false && $last_load <= $stamp)
{
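Review bot: The condition now skips the `If-Modified-Since` handling for IE8 as well as IE6, and neither the code nor the commit message says why IE8 needs it. Without a reason recorded, nobody can tell later whether the exclusion is still required or was a precaution for a pre-release build. Please add a comment above the `if`, for example `// IE 6.0 and IE 8.0 are excluded from 304 handling because <reason>`. set_modified_headers continues past the end of this hunk.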