dépôts / lhc / web / wiklou.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
SECURITY: API: Avoid some silliness with browser-guessed filenames
[lhc/web/wiklou.git] / includes / Feed.php
diff --git a/includes/Feed.php b/includes/Feed.php
index bc7747f..fd223e6 100644 (file)
--- a/includes/Feed.php
+++ b/includes/Feed.php
@@ -230,6 +230,12 @@ abstract class ChannelFeed extends FeedItem {
                $wgOut->disable();
                $mimetype = $this->contentType();
                header( "Content-type: $mimetype; charset=UTF-8" );
+
+               // Set a sane filename
+               $exts = MimeMagic::singleton()->getExtensionsForType( $mimetype );
+               $ext = $exts ? strtok( $exts, ' ' ) : 'xml';
+               header( "Content-Disposition: inline; filename=\"feed.{$ext}\"" );
+
                if ( $wgVaryOnXFP ) {
                        $wgOut->addVaryHeader( 'X-Forwarded-Proto' );
                }
Wiklou, le Wiki du Wiklou