MantisBT: master-1.2.x a552b37b

Author Committer Branch Timestamp Parent
dregad dregad master-1.2.x 2014-11-29 05:50 master-1.2.x 9fb8cf36
Affected Issues  0017874: CVE-2014-9271: Persistent XSS in file uploads/attachments
Changeset

Improve comment for 'nosniff' header

  • Reworded the part about IE8 second-guessing content type
  • Added a note about Flash, as per Mathias Karlsson's recommendation in
    issue 0017874
mod - file_download.php Diff File