Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844)
| | |
|---|
| | | CHANGELOG Roundcube Webmail |
|---|
| | | =========================== |
|---|
| | | |
|---|
| | | - Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844) |
|---|
| | | - Fix XSS vulnerability in vbscript: and data:text links handling (#1488850) |
|---|
| | | - Fix absolute positioning in HTML messages (#1488819) |
|---|
| | | - Fix keybord events on messages list in opera browser (#1488823) |
|---|
| | |
|---|
| | | |
|---|
| | | $disposition = !empty($plugin['download']) ? 'attachment' : 'inline'; |
|---|
| | | |
|---|
| | | // Workaround for nasty IE bug (#1488844) |
|---|
| | | // If Content-Disposition header contains string "attachment" e.g. in filename |
|---|
| | | // IE handles data as attachment not inline |
|---|
| | | if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) { |
|---|
| | | $filename = str_ireplace('attachment', 'attach', $filename); |
|---|
| | | } |
|---|
| | | |
|---|
| | | header("Content-Disposition: $disposition; filename=\"$filename\""); |
|---|
| | | |
|---|
| | | // do content filtering to avoid XSS through fake images |
|---|
