View Issue Details

IDProjectCategoryView StatusLast Update
0022543mantisbtuipublic2017-04-01 00:13
Reportervboctor Assigned Tovboctor  
PrioritynormalSeverityfeatureReproducibilityalways
Status closedResolutionfixed 
Product Version2.2.2 
Target Version2.3.0Fixed in Version2.3.0 
Summary0022543: Open images in the browser rather than download them
Description

When clicking on an image, open it in the browser rather than downloading it to the user's machine.

TagsNo tags attached.

Relationships

duplicate of 0012313 closeddregad Can't open image attachments in browser windows 
related to 0011952 closeddhx Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks 
related to 0022583 closedvboctor Open PDFs in the browser rather than downloading them 

Activities

vboctor

vboctor

2017-03-19 22:19

manager   ~0056120

PR: https://github.com/mantisbt/mantisbt/pull/1057

atrol

atrol

2017-03-20 04:33

developer   ~0056122

@vboctor, if I understand right, the functionality has been deactivated in 1.2.2 0011952 due to security reasons, confirmed again at 0012313:0026545.

vboctor

vboctor

2017-03-25 15:22

manager   ~0056203

@atrol This is not an issue with my fix, since I decide whether to show inline vs. not based on the calculated content type and not the extension. For an html file that is uploaded as a png, the content type is: text/html; charset=us-ascii, hence, it is downloaded rather than displayed inline. Having said that, I explicitly also disabled the inline display for text/html.

Related Changesets

MantisBT: master 741acf27

2017-03-19 18:18

vboctor


Details Diff
Show images inline instead of downloading them

Fixes 0022543
Affected Issues
0022543
mod - file_download.php Diff File