diff --git a/include/class.file.php b/include/class.file.php
index 801f01097fbc3801072d00d8addefd1ac2325493..d0404f40679904778be6d8eb16532a56b6b8eb4e 100644
--- a/include/class.file.php
+++ b/include/class.file.php
@@ -196,24 +196,13 @@ class AttachmentFile {
     }
 
     function download() {
+        $bk = $this->open();
+        if ($bk->sendRedirectUrl('inline'))
+            return;
         $this->makeCacheable();
-
-        header('Content-Type: '.($this->getType()?$this->getType():'application/octet-stream'));
-
-        $filename=basename($this->getName());
-        $user_agent = strtolower ($_SERVER['HTTP_USER_AGENT']);
-        if (false !== strpos($user_agent,'msie') && false !== strpos($user_agent,'win'))
-            header('Content-Disposition: filename='.rawurlencode($filename).';');
-        elseif (false !== strpos($user_agent, 'safari') && false === strpos($user_agent, 'chrome'))
-            // Safari and Safari only can handle the filename as is
-            header('Content-Disposition: filename='.str_replace(',', '', $filename).';');
-        else
-            // Use RFC5987
-            header("Content-Disposition: filename*=UTF-8''".rawurlencode($filename).';' );
-
-        header('Content-Transfer-Encoding: binary');
+        Http::download($this->getName(), $this->getType() ?: 'application/octet-stream');
         header('Content-Length: '.$this->getSize());
-        $this->sendData(true, 'attachment');
+        $this->sendData(false);
         exit();
     }
 
diff --git a/include/class.http.php b/include/class.http.php
index 8a5a2d4b9e6af5b12c8873a608af094c710ed8b6..a96ab84ab2f124f190c178d554c8d3aaaaaf44ce 100644
--- a/include/class.http.php
+++ b/include/class.http.php
@@ -76,20 +76,33 @@ class Http {
         }
     }
 
+    /**
+     * Creates the filename=... part of the Content-Disposition header. This
+     * is browser dependent, so the user agent is inspected to determine the
+     * best encoding format for the filename
+     */
+    function getDispositionFilename($filename) {
+        $user_agent = strtolower ($_SERVER['HTTP_USER_AGENT']);
+        if (false !== strpos($user_agent,'msie')
+                && false !== strpos($user_agent,'win'))
+            return 'filename='.rawurlencode($filename);
+        elseif (false !== strpos($user_agent, 'safari')
+                && false === strpos($user_agent, 'chrome'))
+            // Safari and Safari only can handle the filename as is
+            return 'filename='.str_replace(',', '', $filename);
+        else
+            // Use RFC5987
+            return "filename*=UTF-8''".rawurlencode($filename);
+    }
+
     function download($filename, $type, $data=null) {
-        header('Pragma: public');
+        header('Pragma: private');
         header('Expires: 0');
         header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
-        header('Cache-Control: public');
+        header('Cache-Control: private');
         header('Content-Type: '.$type);
-        $user_agent = strtolower ($_SERVER['HTTP_USER_AGENT']);
-        if (strpos($user_agent,'msie') !== false
-                && strpos($user_agent,'win') !== false) {
-            header('Content-Disposition: filename="'.basename($filename).'";');
-        } else {
-            header('Content-Disposition: attachment; filename="'
-                .basename($filename).'"');
-        }
+        header('Content-Disposition: attachment; %s;',
+            self::getDispositionFilename(basename($filename)));
         header('Content-Transfer-Encoding: binary');
         if ($data !== null) {
             header('Content-Length: '.strlen($data));