mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-01-18 22:08:20 +01:00
Code Issues Projects Releases Wiki Activity

MDL-47404 filelib: Prevent flash from treating files as uploads

Browse Source 
Flash treats files as uploads if filename is passed in content-disposition
this causes security to be enforced that causes issues with SCORM packages
This commit is contained in:
Dan Marsden 2014-09-24 22:39:53 +12:00
parent 272fec367f
commit 7f68cc6541
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/filelib.php
View File

@ -2273,7 +2273,10 @@ function send_file($path, $filename, $lifetime = null , $filter=0, $pathisstring
if ($forcedownload) {
header('Content-Disposition: attachment; filename="'.$filename.'"');
} else {
} else if ($mimetype !== 'application/x-shockwave-flash') {
// If this is an swf don't pass content-disposition with filename as this makes the flash player treat the file
// as an upload and enforces security that may prevent the file from being loaded.
header('Content-Disposition: inline; filename="'.$filename.'"');
}