Research indicates that you referred me over file
[root@r13151 www]# find . -name '*.php' -exec grep -l "header ('Content-Type:" {} ;
The regular expression got broken to an additional line by my MUA. Make sure that regex is all on one line, and then run that command.
It looks like you'll also have to look for files that end in " .inc "
as well
find . -name '*.inc' -exec grep -l "header('Content-Type:" {} ; ./program/steps/addressbook/export.inc ./program/steps/mail/attachments.inc ./program/steps/mail/get.inc
exactly how it should change the file returned by the command
quoted above
anywhere you see :
header('Content-Type: ***************);
put
header('Accept: text/xml');
on a line beneath it. I'm not sure if the Accept header should also include other mime types. Here is a random Accept: header from our Intranet : Accept:application/xml,application/xhtml+xml,text/html;q=0.9,text/ plain;q=0.8,image/png,*/*;q=0.5
There are tools to see those headers, I used Safari's Web Inspector.
Note the actual mime type sent via the Content-Type: header isn't
always the same :
find . -name '*.inc' -exec grep "header('Content-Type:" {} ;
header('Content-Type: text/x-vcard; charset='.RCMAIL_CHARSET); header('Content-Type: ' . $attachment['mimetype']); header('Content-Type: text/html; charset=' . RCMAIL_CHARSET);
find . -name '*.php' -exec grep "header('Content-Type:" {} ;
header('Content-Type: text/plain'); header('Content-Type: text/html; charset=' . $this-
charset);
header('Content-Type: text/plain; charset=' . $this-
get_charset());
header('Content-Type: text/plain; charset=UTF-8'); header('Content-Type: text/css');
RoundCube sends that Content-Type: header for every page, but it
sends other headers depending on what page or what data is being
sent. If you add the Accept: header at each point where the Content-
Type: header is sent, that should make mod_security happy.