Skip to content
Snippets Groups Projects
Unverified Commit 20ee05a9 authored by Thomas's avatar Thomas Committed by GitHub
Browse files

Merge pull request #291 from andreyamin/master

Fix issue with Totara 13 XSS hardening
parents ca879351 2b96131b
No related branches found
No related tags found
No related merge requests found
...@@ -316,6 +316,10 @@ function hvp_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload ...@@ -316,6 +316,10 @@ function hvp_pluginfile($course, $cm, $context, $filearea, $args, $forcedownload
return false; // No such file. return false; // No such file.
} }
// Totara: use allowxss option to prevent application/x-javascript mimetype
// from being converted to application/x-forcedownload.
$options['allowxss'] = '1';
send_stored_file($file, 86400, 0, $forcedownload, $options); send_stored_file($file, 86400, 0, $forcedownload, $options);
return true; return true;
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment