Backported fixes and upload enhancement from Trunk:

anonymous user can now download files, without the need to have
filemanager run rights

phpgwapi/inc/class.egw_session.inc.php

@@ -949,22 +949,6 @@ class egw_session
 			//echo 'DEBUG: Sessions: account_id is empty!<br>'."\n";
 			return false;
 		}
-		// if user is anonymous and enters a not allowed application its session will be destroyed inmediatly.
-		$_current_app=$GLOBALS['egw_info']['flags']['currentapp'];
-		if($this->session_flags=='A' && !$GLOBALS['egw_info']['user']['apps'][$_current_app])
-		{
-			if (self::ERROR_LOG_DEBUG) error_log("*** session::verify($sessionid) anon user entering not allowed app");
-			$this->destroy($sessionid,$kp3);
-
-			/* Overwrite Cookie with empty user. For 2 weeks */
-			self::egw_setcookie(self::EGW_SESSION_NAME,'');
-			self::egw_setcookie('kp3','');
-			self::egw_setcookie('domain','');
-			self::egw_setcookie('last_domain','');
-			self::egw_setcookie('last_loginid', '');
-
-			return false;
-		}
 		if (self::ERROR_LOG_DEBUG) error_log("--> session::verify($sessionid) SUCCESS");
 
 		return true;

webdav.php

@@ -68,7 +68,25 @@ $GLOBALS['egw_info'] = array(
 	)
 );
 // if you move this file somewhere else, you need to adapt the path to the header!
-include(dirname(__FILE__).'/header.inc.php');
+try
+{
+	include(dirname(__FILE__).'/header.inc.php');
+}
+catch (egw_exception_no_permission_app $e)
+{
+	if (isset($GLOBALS['egw_info']['user']['apps']['filemanager']))
+	{
+		$GLOBALS['egw_info']['currentapp'] = 'filemanager';
+	}
+	elseif (isset($GLOBALS['egw_info']['user']['apps']['sitemgr-link']))
+	{
+		$GLOBALS['egw_info']['currentapp'] = 'sitemgr-link';
+	}
+	else
+	{
+		throw $e;
+	}
+}
 
 $headertime = microtime(true);