SMF 2.0.19 has been released! Please update. Read more.
Started by WimB, October 27, 2013, 03:25:04 PM
Quote from: Arantor on October 27, 2013, 03:50:57 PMI don't know what to tell you.Here's what I know, for certain (mostly because I'm the one who wrote the patch)...1) The patch did not touch Display.php, which is where action=dlattach is located (and action=dlattach is what serves avatars and attachments)2) The only change that does come up in index.php?action=dlattach is the change to index.php where extra headers were added. If the headers were damaging the process, it would break new uploads too.As a test, though, you could try commenting out this line from index.php:Code Select Expandheader('X-Content-Type-Options: nosniff');But as I understand it, both Facebook and Twitter use this and they haven't had any problems.Is it all IE users on your site? Is it all files or just some of them?
Quote from: Arantor on October 27, 2013, 04:05:24 PMIs there anything the files have in common?Do they have funny characters in the names (when they don't work properly)?
Quote from: Arantor on October 27, 2013, 04:24:23 PMWell, it wasn't 2.0.6...
Quote from: monster mashby on October 27, 2013, 04:28:08 PMSome avatars and attachments? Mind providing a link to where an avatar isn't displaying properly in IE? And one with attachments, too?
header('X-XSS-Protection: 1; mode=block');
Quote from: Arantor on October 27, 2013, 06:00:26 PMOK, so let's try something really crazy.Comment out this line from index.php.Code Select Expandheader('X-XSS-Protection: 1; mode=block');