Topic: | Content-Type is TEXT/HTML for zip Download instead of application/x-zip-compressed or forced download |
Severity/Risk: | Minor |
Versions affected: | 2.2 to 2.2.2+, 2.1 to 2.1.5+, 2.0 to 2.0.8+ |
Reported by: | Asaf Ohaion |
Workaround: | Avoid "download all" feature in Assignment |
Issue no.: | MDL-31558 |
CVE Identifier: |
CVE-2012-2364 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=ce4126c7a9e07dd0514f7ac297b5e60cad0b8d20 |
Description:
An incorrect mimetype was being reported for zipped assignment submissions, causing some browsers to render the response. The fix for this issue also prevents incorrect use of file sending functions by third-party modules.