From a81664ce69fc8ff3ecd1e3627c57fa0ecb668e96 Mon Sep 17 00:00:00 2001
From: aydreeihn <adriane@enhancesoft.com>
Date: Thu, 10 Aug 2017 16:04:51 -0500
Subject: [PATCH] Only allow image attachments to be opened in the browser
 window

---
 include/class.http.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/class.http.php b/include/class.http.php
index 2616121c2..daafa21e7 100644
--- a/include/class.http.php
+++ b/include/class.http.php
@@ -106,6 +106,9 @@ class Http {
     }
 
     function download($filename, $type, $data=null, $disposition='attachment') {
+        if (strpos($type, 'image/') !== 0)
+          $disposition='attachment';
+
         header('Pragma: private');
         header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
         header('Cache-Control: private', false);
-- 
GitLab