No more XSS

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-05 14:52:02 +02:00 · 2017-05-05 14:52:02 +02:00 · 747990b03a
parent 3ab53d000f
commit 747990b03a
1 changed files with 1 additions and 1 deletions
--- a/apps/dav/lib/CardDAV/ImageExportPlugin.php
+++ b/apps/dav/lib/CardDAV/ImageExportPlugin.php
@ -110,7 +110,7 @@ class ImageExportPlugin extends ServerPlugin {
 		try {
 			$file = $this->cache->get($addressbook->getResourceId(), $node->getName(), $size, $node);
 			$response->setHeader('Content-Type', $file->getMimeType());
-			$response->setHeader('Content-Disposition', 'inline');
+			$response->setHeader('Content-Disposition', 'attachment');
 			$response->setStatus(200);

 			$response->setBody($file->getContent());