diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-07-22 17:55:19 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-07-22 17:55:19 +0000 |
| commit | 9b579de9e234e378fb5081d79bea02d175495db7 (patch) | |
| tree | 28d55b59b2ade9201dd0ea518c56e740b039e649 /app/controllers/attachments_controller.rb | |
| parent | 8a7bfc72b20a0a554812db7f8bb7bfdf3e2a21d4 (diff) | |
| download | redmine-9b579de9e234e378fb5081d79bea02d175495db7.tar.gz redmine-9b579de9e234e378fb5081d79bea02d175495db7.zip | |
Appends the filename to the attachment url so that clients that ignore content-disposition http header get the real filename (#1649).
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1686 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'app/controllers/attachments_controller.rb')
| -rw-r--r-- | app/controllers/attachments_controller.rb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index 07fee1269..1e8f566e6 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -43,6 +43,9 @@ class AttachmentsController < ApplicationController private def find_project @attachment = Attachment.find(params[:id]) + # Show 404 if the filename in the url is wrong + raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename + @project = @attachment.project permission = @attachment.container.is_a?(Version) ? :view_files : "view_#{@attachment.container.class.name.underscore.pluralize}".to_sym allowed = User.current.allowed_to?(permission, @project) |