Project

General

Profile

Actions

Feature #33902

closed

Server-Handler for GIF

Added by der gl0wn over 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Attachments
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Wont fix

Description

All images were downloaded from the browser, not only .GIF, but also .gif, .png, etc.
A method in Redmine had to be overwritten.

I am publishing something here for the first time, please be lenient.

I also hope that the patch file I have created is correct. (attachments_controller.rb edited)


Files

inline_attachment_images.patch (511 Bytes) inline_attachment_images.patch Not a Bug, it's a Feature der gl0wn, 2020-08-25 11:23
Actions #1

Updated by Bernhard Rohloff over 4 years ago

First of all thank you for your contribution. Every patch counts. :-)

This area of Redmine is a dark spot on my map. I have read the description but I have no clue what the issue is about, or what this patch does. Could you describe it to me on a specific use case? If i do this, than Redmine should do that.
It would also help to choose a category for the improvement. Is this patch related to issue tracking?

You also mention that the attachments_controller.rb was edited, but I cannot find it in you patch.

Actions #2

Updated by der gl0wn over 4 years ago

Hi Bernhard Ganslmeier Rohloff,

guess you could say that.

In our company we did not want the images to be downloaded automatically, but rather open them in the browser.

I think I messed up something with the patch itself, the

disposition
method is overwritten with the patch.

Actions #3

Updated by Go MAEDA over 4 years ago

The reason for sending images with a "Content-Disposition: attachment" is to fix a security flaw CVE-2017-15574. The change was made in r16285.

Actions #4

Updated by Go MAEDA over 4 years ago

  • Category set to Attachments
Actions #5

Updated by Go MAEDA about 4 years ago

  • Status changed from New to Closed
  • Resolution set to Wont fix

Go MAEDA wrote:

The reason for sending images with a "Content-Disposition: attachment" is to fix a security flaw CVE-2017-15574. The change was made in r16285.

Closing this issue.

Actions

Also available in: Atom PDF