Project

General

Profile

Bug #23549 » 15728_trunk.diff

Administrator Admin, 2010-09-17 09:34

View differences:

typo3/sysext/em/mod1/class.em_index.php (Arbeitskopie)
// Link for downloading extension has been clicked - deliver content stream:
$dlFile = $this->CMD['downloadFile'];
if (t3lib_div::isFirstPartOfStr($dlFile,PATH_site) && t3lib_div::isFirstPartOfStr($dlFile,$absPath) && @is_file($dlFile)) {
if (t3lib_div::isAllowedAbsPath($dlFile) && t3lib_div::isFirstPartOfStr($dlFile,PATH_site) && t3lib_div::isFirstPartOfStr($dlFile,$absPath) && @is_file($dlFile)) {
$mimeType = 'application/octet-stream';
Header('Content-Type: '.$mimeType);
Header('Content-Disposition: attachment; filename='.basename($dlFile));
(1-1/8)