Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #7788: Prevent persistent XSS in attachment of an artifact

Download Browse

When a file is downloaded from Tuleap and have not been generated by the application, web browsers must not try to execute it. Change-Id: Ib439d0066d7d45a4e87f5bae50339e72fa1e60fd

+4 −4
Thomas Gerbet (tgerbet) 2015-01-22 16:59
Sandra Echinard (sechinard) 2015-01-26 11:11
656375dc56a18073f7b66dcdd4f3753e75016e65
5a29bcab78c82866a6a5ba326969fc035c12daaf
git #tuleap/stable/656375dc56a18073f7b66dcdd4f3753e75016e65

Modified Files

Side by side diff
Inline diff
Name
M plugins/docman/include/view/Docman_View_Download.class.php +1 −1 Go to diff View file
M plugins/tracker/include/Tracker/FormElement/Tracker_FormElement_Field_File.class.php +1 −1 Go to diff View file
M src/www/docman/download.php +1 −1 Go to diff View file
M src/www/tracker/download.php +1 −1 Go to diff View file