]> source.dussan.org Git - nextcloud-server.git/commitdiff
projects / nextcloud-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3ab53d0)
No more XSS
authorRoeland Jago Douma <roeland@famdouma.nl>
Fri, 5 May 2017 12:52:02 +0000 (14:52 +0200)
committerRoeland Jago Douma <roeland@famdouma.nl>
Mon, 8 May 2017 09:20:49 +0000 (11:20 +0200)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
apps/dav/lib/CardDAV/ImageExportPlugin.php patch | blob | history

diff --git a/apps/dav/lib/CardDAV/ImageExportPlugin.php b/apps/dav/lib/CardDAV/ImageExportPlugin.php
index fd9223c855bb4f78b02ba768051d13e16cc9a973..5b08319735c45a74594ea75de656f21a8fdb9a95 100644 (file)
--- a/apps/dav/lib/CardDAV/ImageExportPlugin.php
+++ b/apps/dav/lib/CardDAV/ImageExportPlugin.php
@@ -110,7 +110,7 @@ class ImageExportPlugin extends ServerPlugin {
                try {
                        $file = $this->cache->get($addressbook->getResourceId(), $node->getName(), $size, $node);
                        $response->setHeader('Content-Type', $file->getMimeType());
-                       $response->setHeader('Content-Disposition', 'inline');
+                       $response->setHeader('Content-Disposition', 'attachment');
                        $response->setStatus(200);
 
                        $response->setBody($file->getContent());
Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server