diff MoinMoin/action/AttachFile.py @ 520:77526f8f3ecf

Fixed XSS issue which could lead to cookie theft etc. Thanks to the CAcert Security Team! imported from: moin--main--1.5--patch-524
author Alexander Schremmer <alex@alexanderweb.de.tla>
date Wed, 05 Apr 2006 08:32:20 +0000
parents 45924beef130
children 3b08d9413589 a1359eaee20e
--- a/MoinMoin/action/AttachFile.py	Fri Mar 31 19:56:30 2006 +0000
+++ b/MoinMoin/action/AttachFile.py	Wed Apr 05 08:32:20 2006 +0000
@@ -644,7 +644,7 @@
         "Content-Length: %d" % os.path.getsize(fpath),
         # TODO: fix the encoding here, plain 8 bit is not allowed according to the RFCs
         # There is no solution that is compatible to IE except stripping non-ascii chars
-        "Content-Disposition: inline; filename=\"%s\"" % filename.encode(config.charset),
+        "Content-Disposition: attachment; filename=\"%s\"" % filename.encode(config.charset),
     ])
 
     # send data
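Review bot: The `Content-Disposition` line still interpolates `filename` into the quoted `filename="%s"` parameter without escaping, so a name containing `"`, CR or LF would end the quoted string or the header line early. Whether the name is sanitised before it reaches this point is not visible in the hunk, because the header list and its enclosing function start above it. If it is not sanitised, strip those characters first, for example `filename = filename.replace('"', '').replace('\r', '').replace('\n', '')`. The switch from `inline` to `attachment` is the actual security fix, so it also deserves a comment beside it such as `# attachment, not inline: uploaded files must not render in the wiki's origin (XSS)` to keep a later cleanup from reverting it.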