Exclude Vulnerable Image Files

Extend this to exclude image files that are injectable from opening in browser windows.

Exclude Vulnerable Image Files
Extend this to exclude image files that are injectable from opening in browser windows.
4f408b8f · aydreeihn · GitHub · a81664ce · 4f408b8f
Commit 4f408b8f authored 7 years ago by aydreeihn Committed by GitHub 7 years ago
--- a/include/class.http.php
+++ b/include/class.http.php
@@ -106,7 +106,7 @@ class Http {
    }

    function download($filename, $type, $data=null, $disposition='attachment') {
-        if (strpos($type, 'image/') !== 0)
+        if (strpos($type, 'image/') !== 0 || preg_match('/image\/.*\+.*/', $type))
          $disposition='attachment';

        header('Pragma: private');