No more XSS

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2017-05-05 14:52:02 +0200
committer: Roeland Jago Douma <roeland@famdouma.nl> 2017-05-08 11:20:49 +0200
commit: 747990b03a84c29d8810875339bd2a9548e09294 (patch)
tree: 2026089bcc775534ca3ac5c96f9fcd35f1d490f7 /apps/dav
parent: 3ab53d000f5e5e9d35e459109fc61c2ef936752d (diff)
download: nextcloud-server-747990b03a84c29d8810875339bd2a9548e09294.tar.gz
nextcloud-server-747990b03a84c29d8810875339bd2a9548e09294.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/dav/lib/CardDAV/ImageExportPlugin.php b/apps/dav/lib/CardDAV/ImageExportPlugin.php
index fd9223c855b..5b08319735c 100644
--- a/apps/dav/lib/CardDAV/ImageExportPlugin.php
+++ b/apps/dav/lib/CardDAV/ImageExportPlugin.php
@@ -110,7 +110,7 @@ class ImageExportPlugin extends ServerPlugin {
 		try {
 			$file = $this->cache->get($addressbook->getResourceId(), $node->getName(), $size, $node);
 			$response->setHeader('Content-Type', $file->getMimeType());
-			$response->setHeader('Content-Disposition', 'inline');
+			$response->setHeader('Content-Disposition', 'attachment');
 			$response->setStatus(200);
 
 			$response->setBody($file->getContent());
author	Roeland Jago Douma <roeland@famdouma.nl>	2017-05-05 14:52:02 +0200
committer	Roeland Jago Douma <roeland@famdouma.nl>	2017-05-08 11:20:49 +0200
commit	747990b03a84c29d8810875339bd2a9548e09294 (patch)
tree	2026089bcc775534ca3ac5c96f9fcd35f1d490f7 /apps/dav
parent	3ab53d000f5e5e9d35e459109fc61c2ef936752d (diff)
download	nextcloud-server-747990b03a84c29d8810875339bd2a9548e09294.tar.gz nextcloud-server-747990b03a84c29d8810875339bd2a9548e09294.zip