allura
| Revision | f51dc21e52c9db7f46fd39dbb1b59867f1c6730f (tree) |
|---|---|
| Zeit | 2012-05-15 00:09:13 |
| Autor | Cory Johns <johnsca@geek...> |
| Commiter | Yaroslav Luzin |
[#4193] Changed attachments to always download to fix security hole
Signed-off-by: Cory Johns <johnsca@geek.net>
Allura/allura/controllers/attachments.py (diff)| @@ -53,7 +53,7 @@ class AttachmentController(BaseController): | ||
| 53 | 53 | return attachment |
| 54 | 54 | |
| 55 | 55 | @expose() |
| 56 | - def index(self, delete=False, embed=True, **kw): | |
| 56 | + def index(self, delete=False, **kw): | |
| 57 | 57 | if request.method == 'POST': |
| 58 | 58 | require_access(self.artifact, self.edit_perm) |
| 59 | 59 | if delete: |
| @@ -64,7 +64,7 @@ class AttachmentController(BaseController): | ||
| 64 | 64 | except exc.HTTPNotFound: |
| 65 | 65 | pass |
| 66 | 66 | redirect(request.referer) |
| 67 | - return self.attachment.serve(embed) | |
| 67 | + return self.attachment.serve(False) | |
| 68 | 68 | |
| 69 | 69 | @expose() |
| 70 | 70 | def thumb(self, embed=True): |
sado
Fork
allura