View Issue Details

IDProjectCategoryView StatusLast Update
0022543mantisbtuipublic2017-04-01 00:13
ReportervboctorAssigned Tovboctor 
PrioritynormalSeverityfeatureReproducibilityalways
Status closedResolutionfixed 
Product Version2.2.2 
Target Version2.3.0Fixed in Version2.3.0 
Summary0022543: Open images in the browser rather than download them
Description

When clicking on an image, open it in the browser rather than downloading it to the user's machine.

TagsNo tags attached.

Relationships

duplicate of 0012313 acknowledged Can't open image attachments in browser windows 
related to 0011952 closeddhx Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks 
related to 0022583 closedvboctor Open PDFs in the browser rather than downloading them 

Activities

vboctor

vboctor

2017-03-19 22:19

manager   ~0056120

PR: https://github.com/mantisbt/mantisbt/pull/1057

atrol

atrol

2017-03-20 04:33

developer   ~0056122

@vboctor, if I understand right, the functionality has been deactivated in 1.2.2 0011952 due to security reasons, confirmed again at 0012313:0026545.

vboctor

vboctor

2017-03-25 15:22

manager   ~0056203

@atrol This is not an issue with my fix, since I decide whether to show inline vs. not based on the calculated content type and not the extension. For an html file that is uploaded as a png, the content type is: text/html; charset=us-ascii, hence, it is downloaded rather than displayed inline. Having said that, I explicitly also disabled the inline display for text/html.

Related Changesets

MantisBT: master 741acf27

2017-03-19 22:18:35

vboctor

Details Diff
Show images inline instead of downloading them

Fixes 0022543
mod - file_download.php Diff File

Issue History

Date Modified Username Field Change
2017-03-19 22:10 vboctor New Issue
2017-03-19 22:10 vboctor Status new => assigned
2017-03-19 22:10 vboctor Assigned To => vboctor
2017-03-19 22:19 vboctor Note Added: 0056120
2017-03-20 04:29 atrol Relationship added duplicate of 0012313
2017-03-20 04:30 atrol Relationship added related to 0011952
2017-03-20 04:33 atrol Note Added: 0056122
2017-03-25 15:10 vboctor Relationship added related to 0022583
2017-03-25 15:22 vboctor Note Added: 0056203
2017-03-28 23:28 vboctor Changeset attached => MantisBT master 741acf27
2017-03-28 23:28 vboctor Status assigned => resolved
2017-03-28 23:28 vboctor Resolution open => fixed
2017-03-28 23:28 vboctor Fixed in Version => 2.2.3
2017-03-29 02:01 vboctor Fixed in Version 2.2.3 => 2.3.0
2017-03-29 02:01 vboctor Target Version => 2.3.0
2017-04-01 00:13 vboctoradmin Status resolved => closed