From f06aa8058b7e32ba32d4551074b6e0b8a300f751 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 21 Oct 2013 15:02:40 -0400
Subject: [PATCH] Bump version after security fix
---
program/steps/mail/get.inc | 14 ++++++++++++--
1 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 7da8f13..2cc2f12 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -6,7 +6,10 @@
| |
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2005-2011, The Roundcube Dev Team |
- | Licensed under the GNU GPL |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
| |
| PURPOSE: |
| Delivering a specific part of a mail message |
@@ -82,7 +85,7 @@
// allow post-processing of the message body
$plugin = $RCMAIL->plugins->exec_hook('message_part_get',
- array('id' => $part->mime_id, 'mimetype' => $mimetype, 'part' => $part, 'download' => !empty($_GET['_download'])));
+ array('uid' => $MESSAGE->uid, 'id' => $part->mime_id, 'mimetype' => $mimetype, 'part' => $part, 'download' => !empty($_GET['_download'])));
if ($plugin['abort'])
exit;
@@ -147,6 +150,13 @@
$disposition = !empty($plugin['download']) ? 'attachment' : 'inline';
+ // Workaround for nasty IE bug (#1488844)
+ // If Content-Disposition header contains string "attachment" e.g. in filename
+ // IE handles data as attachment not inline
+ if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) {
+ $filename = str_ireplace('attachment', 'attach', $filename);
+ }
+
header("Content-Disposition: $disposition; filename=\"$filename\"");
// do content filtering to avoid XSS through fake images
--
Gitblit v1.9.1