Some bugfixes, security issues + minor improvements

git-svn-id: https://svn.roundcube.net/trunk@668 208e9e7b-5314-0410-a742-e7e81cd9613c
author: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2007-08-10 08:27:40 +0000
committer: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2007-08-10 08:27:40 +0000
commit: 77f0464b4757385011a1cf5bce2ab20a30a73a52 (patch)
tree: 712853f6dcd80a851b094417d76d1d9db3afde6c /roundcubemail/program/steps/mail/get.inc
parent: 881fdfae9ca7810e065a2965304729d561071c29 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/roundcubemail/program/steps/mail/get.inc b/roundcubemail/program/steps/mail/get.inc
index 11688f125..cbf8e0c88 100644
--- a/roundcubemail/program/steps/mail/get.inc
+++ b/roundcubemail/program/steps/mail/get.inc
@@ -29,7 +29,7 @@ if ($_GET['_preload'])
   $message = rcube_label('loadingdata');
 
   print "<html>\n<head>\n" .
-        '<meta http-equiv="refresh" content="0; url='.htmlspecialchars($url).'">' .
+        '<meta http-equiv="refresh" content="0; url='.Q($url).'">' .
         "\n</head>\n<body>" .
         $message .
         "\n</body>\n</html>";
@@ -107,7 +107,7 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET))
     else
       {
       header(sprintf('Content-Disposition: %s; filename="%s";',
-                     $part->disposition ? $part->disposition : 'attachment',
+                     $_GET['_download'] ? 'attachment' : 'inline',
                      $part->filename ? $part->filename : "roundcube.$ctype_secondary"));
 
       // turn off output buffering and print part content
author	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2007-08-10 08:27:40 +0000
committer	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2007-08-10 08:27:40 +0000
commit	77f0464b4757385011a1cf5bce2ab20a30a73a52 (patch)
tree	712853f6dcd80a851b094417d76d1d9db3afde6c /roundcubemail/program/steps/mail/get.inc
parent	881fdfae9ca7810e065a2965304729d561071c29 (diff)