Patch for "1.10_STABLE" branch: https://reviews.mahara.org/4949
-- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1470281 Title: Use "nosniff" header to prevent potential XSS via untrusted files in IE Status in Mahara ePortfolio: Fix Committed Status in Mahara 1.10 series: Fix Committed Status in Mahara 1.9 series: Fix Committed Status in Mahara 15.04 series: In Progress Status in Mahara 15.10 series: Fix Committed Bug description: Yuliya posted this one directly into Gerrit: https://reviews.mahara.org/#/c/4821/ Use nosniff header to prevent potential XSS via untrusted files in IE See - https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx - https://www.owasp.org/index.php/List_of_useful_HTTP_headers Solution is to add it to file serving code in places where we do forced download of files. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1470281/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
