• R/O
  • HTTP
  • SSH
  • HTTPS

提交

標籤
無標籤

Frequently used words (click to add to your profile)

javac++androidlinuxc#windowsobjective-ccocoa誰得qtpythonphprubygameguibathyscaphec計画中(planning stage)翻訳omegatframeworktwitterdomtestvb.netdirectxゲームエンジンbtronarduinopreviewer

allura


Commit MetaInfo

修訂f51dc21e52c9db7f46fd39dbb1b59867f1c6730f (tree)
時間2012-05-15 00:09:13
作者Cory Johns <johnsca@geek...>
CommiterYaroslav Luzin

Log Message

[#4193] Changed attachments to always download to fix security hole

Signed-off-by: Cory Johns <johnsca@geek.net>

Change Summary

差異

--- a/Allura/allura/controllers/attachments.py
+++ b/Allura/allura/controllers/attachments.py
@@ -53,7 +53,7 @@ class AttachmentController(BaseController):
5353 return attachment
5454
5555 @expose()
56- def index(self, delete=False, embed=True, **kw):
56+ def index(self, delete=False, **kw):
5757 if request.method == 'POST':
5858 require_access(self.artifact, self.edit_perm)
5959 if delete:
@@ -64,7 +64,7 @@ class AttachmentController(BaseController):
6464 except exc.HTTPNotFound:
6565 pass
6666 redirect(request.referer)
67- return self.attachment.serve(embed)
67+ return self.attachment.serve(False)
6868
6969 @expose()
7070 def thumb(self, embed=True):