From 258def8344de6092e02e2aa66bb0dfb1897be486 Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Thu, 17 Jul 2014 07:34:06 +0000
Subject: [PATCH] only modify js&css files for "real" browsers identified by existing of HTTP_REFERER, to return false data to WebDAV clients eg. used for backup
---
 phpgwapi/inc/class.vfs_webdav_server.inc.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/phpgwapi/inc/class.vfs_webdav_server.inc.php b/phpgwapi/inc/class.vfs_webdav_server.inc.php
index 8f67b1bb1e..062b24f78e 100644
--- a/phpgwapi/inc/class.vfs_webdav_server.inc.php
+++ b/phpgwapi/inc/class.vfs_webdav_server.inc.php
@@ -682,13 +682,14 @@ class vfs_webdav_server extends HTTP_WebDAV_Server_Filesystem
 }
 // for the rest we change mime-type to text/html and let code below handle it safely
 // this stops Safari and Firefox from using it as src attribute in a script tag
- else
+ // but only for "real" browsers, we dont want to modify data for our WebDAV clients
+ elseif (isset($_SERVER['HTTP_REFERER']))
 {
 $options['mimetype'] = 'text/html';
- $options['data'] = '
'.fread($options['stream'], $options['length']);
+					$options['data'] = '
'.fread($options['stream'], $options['size']);
+					$options['size'] += 5;
 					fclose($options['stream']);
 					unset($options['stream']);
-					$options['size'] += 4;
 				}
 			}
 			// mitigate risk of html downloads by using CSP or force download for IE
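Review bot: The new `elseif (isset($_SERVER['HTTP_REFERER']))` guard makes the script-src protection depend on a header the requesting side is free to omit. Referer is optional and is dropped under a `no-referrer` referrer policy or by privacy settings, so a browser request without it now gets the stored js/css file with its original mime-type, which is what the comment above says this branch exists to prevent. Consider failing safe: keep the rewrite as the default and exempt only requests positively recognised as WebDAV clients, or leave the bytes untouched and serve them as `text/plain` with `header('X-Content-Type-Options: nosniff');` for browsers that honour it. Separately, `$options['size'] += 5;` hard-codes the prefix length and assumes `fread()` returned all `$options['size']` bytes; `$options['size'] = strlen($options['data']);` after the read would also hold for a short read. The enclosing if/else chain starts outside the hunk, so the earlier branches could not be checked.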