From 539d343d7395c49ee1d87597fb9c92f5bde159de Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@enhancesoft.com>
Date: Thu, 13 Jun 2019 16:52:16 +0000
Subject: [PATCH] Remove File Type Override

Remove the file type override previously used to force downloads. This
addresses a potential XSS where an attacker could pass "image", resulting in
the file being displayed inline.
---
 include/class.file.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/include/class.file.php b/include/class.file.php
index e8ea7db9a..a2a0e57cb 100644
--- a/include/class.file.php
+++ b/include/class.file.php
@@ -247,8 +247,6 @@ class AttachmentFile extends VerySimpleModel {
         $ttl = ($expires) ? $expires - Misc::gmtime() : false;
         $this->makeCacheable($ttl);
         $type = $this->getType() ?: 'application/octet-stream';
-        if (isset($_REQUEST['overridetype']))
-            $type = $_REQUEST['overridetype'];
         Http::download($this->getName(), $type, null, 'inline');
         header('Content-Length: '.$this->getSize());
         $this->sendData(false);
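Review bot: With the override gone, the response on the `Http::download($this->getName(), $type, null, 'inline');` line is still served inline under whatever `$this->getType()` returns, so the fix only closes the request-parameter path; if the stored type comes from the upload itself (not visible here), an attachment stored as text/html or image/svg+xml would still render in the browser. I would derive the disposition from the type rather than hard-coding `'inline'` — `'attachment'` unless the type is on a short list of types known to be safe to render (e.g. image/png, image/jpeg, application/pdf) — and send `header('X-Content-Type-Options: nosniff');` before the `Http::download(...)` call so the browser cannot reinterpret the body. The enclosing method begins and ends outside this hunk, so the origin of `$type` should be checked there.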
-- 
GitLab