Feature #33902

Server-Handler for GIF

Added by der gl0wn over 1 year ago. Updated about 1 year ago.

Status: Closed
Start date:
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: Attachments
Target version: -
Resolution: Wont fix

Description

All images were downloaded from the browser, not only .GIF, but also .gif, .png, etc.
A method in Redmine had to be overwritten.

I am publishing something here for the first time, please be lenient.

I also hope that the patch file I have created is correct. (attachments_controller.rb edited)

inline_attachment_images.patch - Not a Bug, it's a Feature (511 Bytes) der gl0wn, 2020-08-25 11:23

History

#1 Updated by Bernhard Rohloff over 1 year ago

First of all thank you for your contribution. Every patch counts. :-)

This area of Redmine is a dark spot on my map. I have read the description but I have no clue what the issue is about, or what this patch does. Could you describe it to me with a specific use case? If I do this, then Redmine should do that.
It would also help to choose a category for the improvement. Is this patch related to issue tracking?

You also mention that the attachments_controller.rb was edited, but I cannot find it in your patch.

#2 Updated by der gl0wn over 1 year ago

Hi @Bernhard Rohloff,

guess you could say that.

In our company we did not want the images to be downloaded automatically, but rather open them in the browser.

I think I messed up something with the patch itself, the disposition method is overwritten with the patch.

#3 Updated by Go MAEDA over 1 year ago

The reason for sending images with a "Content-Disposition: attachment" is to fix a security flaw CVE-2017-15574. The change was made in r16285.

#4 Updated by Go MAEDA over 1 year ago

  • Category set to Attachments

#5 Updated by Go MAEDA about 1 year ago

  • Status changed from New to Closed
  • Resolution set to Wont fix

Go MAEDA wrote:

The reason for sending images with a "Content-Disposition: attachment" is to fix a security flaw CVE-2017-15574. The change was made in r16285.

Closing this issue.
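
The trade-off raised in this thread (inline display of images versus a forced "Content-Disposition: attachment"), as an added Ruby example that is not part of the issue, the attached patch, or Redmine's code. It assumes the risk behind forcing `attachment` is active content such as SVG being rendered in the application's origin; all function and constant names are hypothetical.

```ruby
# Added example; every name below is hypothetical, not Redmine's API.
# Raster types a browser only decodes as pixels, so inline display is acceptable.
INLINE_SAFE_TYPES = %w[image/gif image/png image/jpeg].freeze

# Leading bytes that prove what the upload really is, whatever its file name says.
SIGNATURES = {
  'image/gif'  => ['GIF87a'.b, 'GIF89a'.b],
  'image/png'  => ["\x89PNG\r\n\x1A\n".b],
  'image/jpeg' => ["\xFF\xD8\xFF".b]
}.freeze

# Returns the type proven by the leading bytes, or nil when nothing matches.
def sniffed_type(bytes)
  head = bytes.to_s.b
  SIGNATURES.each do |type, sigs|
    return type if sigs.any? { |sig| head.start_with?(sig) }
  end
  nil
end

# Response headers for a stored upload: inline only for proven raster images,
# attachment plus a generic type for everything else (SVG, HTML, unknown).
def download_headers(filename, bytes)
  type = sniffed_type(bytes)
  inline = INLINE_SAFE_TYPES.include?(type)
  safe_name = File.basename(filename.to_s).gsub(/[^\w.\-]/, '_')
  {
    'Content-Type' => inline ? type : 'application/octet-stream',
    'Content-Disposition' => %(#{inline ? 'inline' : 'attachment'}; filename="#{safe_name}"),
    'X-Content-Type-Options' => 'nosniff' # stop the browser from re-guessing the type
  }
end

# Constructed sample inputs.
SAMPLE_GIF = 'GIF89a'.b + "\x01\x00\x01\x00".b
SAMPLE_SVG = '<svg xmlns="http://www.w3.org/2000/svg"></svg>'

if __FILE__ == $PROGRAM_NAME
  puts download_headers('logo.GIF', SAMPLE_GIF)['Content-Disposition']
  puts download_headers('logo.gif', SAMPLE_SVG)['Content-Disposition']
end
```

The decision is made from the file's leading bytes rather than its extension, so an SVG uploaded under a `.gif` name is still sent as an attachment.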
