MDL-8802 fixed byteserving broken by adobe anti xss patch; merged from MOODLE_18_STABLE

diff --git a/lib/filelib.php b/lib/filelib.php
index 5511bdf6266fb6d52ffedad8cebf4183c1e6fdd1..051ffa80bc6b17c06b818a0efe7feb91db4c87b7 100644 (file)
--- a/lib/filelib.php
+++ b/lib/filelib.php
@@ -264,7 +264,10 @@ function send_file($path, $filename, $lifetime=86400 , $filter=0, $pathisstring=
     if ($mimetype=='application/pdf' or mimeinfo('type', $filename)=='application/pdf') {
         //please note that it prevents opening of pdfs in browser when http referer disabled
         //or file linked from another site; browser caching of pdfs is now disabled too
-        if (empty($_SERVER['HTTP_REFERER']) or strpos($_SERVER['HTTP_REFERER'], $CFG->wwwroot)!==0) {
+        if (!empty($_SERVER['HTTP_RANGE'])) {
+            //already byteserving
+            $lifetime = 1; // >0 needed for byteserving    
+        } else if (empty($_SERVER['HTTP_REFERER']) or strpos($_SERVER['HTTP_REFERER'], $CFG->wwwroot)!==0) {
             $mimetype = 'application/x-forcedownload';
             $forcedownload = true;
             $lifetime = 0;