MantisBT: master dfe664a1

Author: dregad
Committer: dregad
Branch: master
Timestamp: 2014-11-29 05:50
Parent: master 26f209a2
Affected Issues: 0017874: CVE-2014-9271: Persistent XSS in file uploads/attachments
Changeset

Improve comment for 'nosniff' header

  • Reworded the part about IE8 second-guessing content type
  • Added a note about Flash, as per Mathias Karlsson's recommendation in
    issue 0017874

mod - core/http_api.php
mod - css/common_config.php
mod - css/status_config.php
mod - file_download.php
mod - javascript_config.php
mod - javascript_translations.php