From 747990b03a84c29d8810875339bd2a9548e09294 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Fri, 5 May 2017 14:52:02 +0200
Subject: [PATCH] No more XSS

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
---
 apps/dav/lib/CardDAV/ImageExportPlugin.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/dav/lib/CardDAV/ImageExportPlugin.php b/apps/dav/lib/CardDAV/ImageExportPlugin.php
index fd9223c855b..5b08319735c 100644
--- a/apps/dav/lib/CardDAV/ImageExportPlugin.php
+++ b/apps/dav/lib/CardDAV/ImageExportPlugin.php
@@ -110,7 +110,7 @@ class ImageExportPlugin extends ServerPlugin {
 		try {
 			$file = $this->cache->get($addressbook->getResourceId(), $node->getName(), $size, $node);
 			$response->setHeader('Content-Type', $file->getMimeType());
-			$response->setHeader('Content-Disposition', 'inline');
+			$response->setHeader('Content-Disposition', 'attachment');
 			$response->setStatus(200);
 
 			$response->setBody($file->getContent());
-- 
GitLab