mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-11 13:58:54 +00:00
Getting ready for IE8 which finally improves security a bit. Let's allow our users to benefit from that
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8792 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof
parent
68dfc03841
commit
761897cb1c
1 changed files with 12 additions and 5 deletions
|
|
@ -15,6 +15,8 @@ define('IN_PHPBB', true);
|
|||
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './../';
|
||||
$phpEx = substr(strrchr(__FILE__, '.'), 1);
|
||||
|
||||
|
||||
// Thank you sun.
|
||||
if (isset($_SERVER['CONTENT_TYPE']))
|
||||
{
|
||||
if ($_SERVER['CONTENT_TYPE'] === 'application/x-java-archive')
|
||||
|
|
@ -273,7 +275,7 @@ else if (($display_cat == ATTACHMENT_CATEGORY_NONE || $display_cat == ATTACHMENT
|
|||
$db->sql_query($sql);
|
||||
}
|
||||
|
||||
if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && strpos(strtolower($user->browser), 'msie') !== false)
|
||||
if ($display_cat == ATTACHMENT_CATEGORY_IMAGE && $mode === 'view' && (strpos($attachment['mimetype'], 'image') === 0) && ((strpos(strtolower($user->browser), 'msie') !== false) && (strpos(strtolower($user->browser), 'msie 8.0') === false)))
|
||||
{
|
||||
wrap_img_in_html(append_sid($phpbb_root_path . 'download/file.' . $phpEx, 'id=' . $attachment['attach_id']), $attachment['real_filename']);
|
||||
}
|
||||
|
|
@ -330,7 +332,7 @@ function send_avatar_to_browser($file, $browser)
|
|||
$image_data = @getimagesize($file_path);
|
||||
header('Content-Type: ' . image_type_to_mime_type($image_data[2]));
|
||||
|
||||
if (strpos(strtolower($browser), 'msie') !== false)
|
||||
if (strpos(strtolower($browser), 'msie') !== false && strpos(strtolower($browser), 'msie 8.0') === false)
|
||||
{
|
||||
header('Content-Disposition: attachment; ' . header_filename($file));
|
||||
|
||||
|
|
@ -460,9 +462,10 @@ function send_file_to_browser($attachment, $upload_dir, $category)
|
|||
*/
|
||||
|
||||
// Send out the Headers. Do not set Content-Disposition to inline please, it is a security measure for users using the Internet Explorer.
|
||||
header('Content-Type: ' . $attachment['mimetype']);
|
||||
$is_ie8 = (strpos(strtolower($user->browser), 'msie 8.0') !== false);
|
||||
header('Content-Type: ' . $attachment['mimetype'] . (($is_ie8) ? '; authoritative=true;' : ''));
|
||||
|
||||
if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie') !== false))
|
||||
if (empty($user->browser) || (!$is_ie8 && (strpos(strtolower($user->browser), 'msie') !== false)))
|
||||
{
|
||||
header('Content-Disposition: attachment; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
|
||||
if (empty($user->browser) || (strpos(strtolower($user->browser), 'msie 6.0') !== false))
|
||||
|
|
@ -473,6 +476,10 @@ function send_file_to_browser($attachment, $upload_dir, $category)
|
|||
else
|
||||
{
|
||||
header('Content-Disposition: ' . ((strpos($attachment['mimetype'], 'image') === 0) ? 'inline' : 'attachment') . '; ' . header_filename(htmlspecialchars_decode($attachment['real_filename'])));
|
||||
if ($is_ie8 && (strpos($attachment['mimetype'], 'image') !== 0))
|
||||
{
|
||||
header('X-Download-Options: noopen');
|
||||
}
|
||||
}
|
||||
|
||||
if ($size)
|
||||
|
|
@ -645,7 +652,7 @@ function set_modified_headers($stamp, $browser)
|
|||
{
|
||||
// let's see if we have to send the file at all
|
||||
$last_load = isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) ? strtotime(trim($_SERVER['HTTP_IF_MODIFIED_SINCE'])) : false;
|
||||
if (strpos(strtolower($browser), 'msie 6.0') === false)
|
||||
if ((strpos(strtolower($browser), 'msie 6.0') === false) && (strpos(strtolower($browser), 'msie 8.0') === false))
|
||||
{
|
||||
if ($last_load !== false && $last_load <= $stamp)
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue