allura
修订版 | f51dc21e52c9db7f46fd39dbb1b59867f1c6730f (tree) |
---|---|
时间 | 2012-05-15 00:09:13 |
作者 | Cory Johns <johnsca@geek...> |
Commiter | Yaroslav Luzin |
[#4193] Changed attachments to always download to fix security hole
Signed-off-by: Cory Johns <johnsca@geek.net>
@@ -53,7 +53,7 @@ class AttachmentController(BaseController): | ||
53 | 53 | return attachment |
54 | 54 | |
55 | 55 | @expose() |
56 | - def index(self, delete=False, embed=True, **kw): | |
56 | + def index(self, delete=False, **kw): | |
57 | 57 | if request.method == 'POST': |
58 | 58 | require_access(self.artifact, self.edit_perm) |
59 | 59 | if delete: |
@@ -64,7 +64,7 @@ class AttachmentController(BaseController): | ||
64 | 64 | except exc.HTTPNotFound: |
65 | 65 | pass |
66 | 66 | redirect(request.referer) |
67 | - return self.attachment.serve(embed) | |
67 | + return self.attachment.serve(False) | |
68 | 68 | |
69 | 69 | @expose() |
70 | 70 | def thumb(self, embed=True): |