-
Robert Lyon authored
By doing two things: 1) Getting the embedded SWF object to set the allowscriptaccess = "never" and allownetworking = "never" 2) By forcing a 'download file' link to actually download file - this goes for all files now that don't have embedded=1 in their url. I've done it this way, having the embedded item have extra url param so that if a user tries to manipulate a url by removing params it will default to force download. I've merged the changes I'd done here https://reviews.mahara.org/#/c/3522/2 and I've also cleaned up places where the download=1 was used as that is not needed now. Now if there are places where we need to embed rather than download we add the embedded=1 to the url. Change-Id: If5290a7c571d06d4178ef2ae5c4c09ed287403b4 Signed-off-by: Robert Lyon <robertl@catalyst.net.nz>
8df9bdfa