[F] [1.4.8] Attached images open not in browser [C-Chris W B.]
#1
Hi,

after the update from 1.4.7 to 1.4.8 attached images won't open 'inline' in the browser (in a new tab/windows). Now when you click on a thumbnail you will be asked to download the image.

This can be reproduced here on myboard.net also.


Attached Files Thumbnail(s)
   
#2
(2009-06-26, 05:38 AM)Ryan Gordon Wrote: One Medium XSS vulnerabilities fixed in Attachments - This vulnerability was reported by frostschutz.
Please note that this patch will remove the ability to open some types of attachments directly in your browser (e.g. PDF), and will instead ask you to download them.
Your friendly neighbourhood lurker.
#3
This user has been denied support. This user has been denied support.
I sent Ryan Gordon some PMs, he'll probably kill me when he reads them later. Toungue
#4
This will get marked as bogus. I saw this in the change section. Sort of a dissappointment and I have to assume this was done to heighten security but it does stink.
#5
This user has been denied support. This user has been denied support.
This is not a bugfix, but the workaround I'm currently using. Use at your own risk.


Attached Files
.php   attachment.php (Size: 3.46 KB / Downloads: 158)
#6
I viewed your changes. Looks reasonable but why have PDF display inline?
#7
This user has been denied support. This user has been denied support.
Most people use Acrobat these days to read PDF embedded into the browser.

It's just a dirty workaround. A good solution requires more work.
#8
I've applied frostschutz's functionality improvement to the MyBB 1.4.8 download and the MyBB Changed File package. I also updated the security patch instructions itself. The new patch just provides some more convenient abilities. The old security patch works just as fine and is secure so there is no need to rush to apply the fix, so long as you have the old one already.


Forum Jump:


Users browsing this thread: 1 Guest(s)