I'm working up a new CCK project for flash content, and using FileField to handle the uploading. It was all working fine until the Adobe Flash Player 10 update was installed. Curiously the problem doesn't seem to affect IE, but it is present in Firefox and Safari.

I did some research and it turns out that setting the header to Content-Disposition: attachment will stop the flash player handling the served file. (The issue is described in an Adobe security bulletin. Previously the player didn't care, which is why it worked before the update).

For FileField the issue therefore arises when you're using private files since the header is forced to attachment if it isn't text or an image.

At the moment I'm working around the problem by adding

  // Force to type inline if this is flash content
  if (ereg('flash$', $file->filemime)) {
    $disposition = 'inline';

just after line 188 of filefield.module.

#3 filefield_disposition.patch862 bytesquicksketch


dopry’s picture

Status: Active » Postponed (maintainer needs more info)

ack... I think we added that so some files could be downloaded... Can you give it a try with multiple filetypes and post the results here... ie) use attachment and inline with an xls, pdf, flash, image, wav, mp3, etc... I think I'd be willing to go back to inline, but need a leg to stand on to make that decision.

Darren Oh’s picture

Category: bug » feature
Status: Postponed (maintainer needs more info) » Active

It would be more convenient to choose a default when the field is created, which can be overridden for each file.

quicksketch’s picture

Category: feature » bug
Status: Active » Fixed
862 bytes

I fixed this problem with the attached patch, using the ereg Stuart recommended. It doesn't make sense to make this a configuration option for a couple reasons:

- Most administrators have no idea which would be the right option to choose.
- Usually you'll want some content to display inline (like text or images) but some to download (like doc files and pdfs).
- Either setting you choose, it only makes a difference if you're using private downloads.

So I think the "automatic" approach is much safer and would be generally preferred all around.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.