+--------------------------------------------------------------------------------+ | MyBB 1.4.7 - Security Update Patch File | | (c) 2009 MyBB Group. | | | | This patch file fixes one medium risk and one low risk issue in MyBB 1.4.7 | | | | Please follow the instructions documented to manually patch your board. | +--------------------------------------------------------------------------------+ =============== 1. /attachments.php =============== Find: -- if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie") !== false) { header("Content-disposition: attachment; filename=\"{$attachment['filename']}\""); } else { header("Content-disposition: inline; filename=\"{$attachment['filename']}\""); } if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie 6.0") !== false) { header("Expires: -1"); } header("Content-type: {$attachment['filetype']}"); -- Replace with: -- switch($attachment['filetype']) { case "application/pdf": case "image/bmp": case "image/gif": case "image/jpeg": case "image/pjpeg": case "image/png": case "text/plain": header("Content-type: {$attachment['filetype']}"); $disposition = "inline"; break; default: header("Content-type: application/force-download"); $disposition = "attachment"; } if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie") !== false) { header("Content-disposition: attachment; filename=\"{$attachment['filename']}\""); } else { header("Content-disposition: {$disposition}; filename=\"{$attachment['filename']}\""); } if(strpos(strtolower($_SERVER['HTTP_USER_AGENT']), "msie 6.0") !== false) { header("Expires: -1"); } -- =============== 2. archive/index.php =============== Find: -- if($sticky['replies'] != 1) -- Add before: -- $sticky['subject'] = htmlspecialchars_uni($parser->parse_badwords($sticky['subject'])); -- =============== 3. inc/class_core.php (Version number change) =============== Find: -- /** * The friendly version number of MyBB we're running. 
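Review bot: In the section 1 replacement for /attachments.php, the whitelisted types are sent inline with no `X-Content-Type-Options: nosniff` header, so the inline/attachment decision rests on the stored `$attachment['filetype']` and on the User-Agent "msie" substring check rather than on what the file body actually contains. Where that value comes from is not shown here; if it is the MIME type declared at upload, a file labelled `image/gif` or `text/plain` may still be interpreted as HTML by a content-sniffing browser in the board's origin. I would add `header("X-Content-Type-Options: nosniff");` ahead of the `switch`, and send the registered `application/octet-stream` in the `default:` branch instead of `application/force-download`. Separately, `$attachment['filename']` is interpolated into the quoted `filename="..."` parameter in both branches; confirm that double quotes and control characters are stripped before this point, since the snippet does not show it. The surrounding code of attachments.php starts and ends outside this snippet.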
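Review bot: In section 2 (archive/index.php), the added escaping covers `$sticky['subject']` only, and the snippet does not show whether the subjects of ordinary (non-sticky) threads printed by the same page pass through the same `htmlspecialchars_uni($parser->parse_badwords(...))` call. Check every other place in this file where a thread subject reaches output, and keep the order used here (bad-word filter first, HTML escaping last) so that the filter's replacement text is escaped as well. A short comment above the new line, such as `// Filter bad words, then HTML-escape the subject before it is printed`, would record why the line exists. The enclosing code starts and ends outside the snippet.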
* * @var string */ var $version = "1.4.7"; /** * The version code of MyBB we're running. * * @var integer */ var $version_code = 1407; -- Replace with: -- /** * The friendly version number of MyBB we're running. * * @var string */ var $version = "1.4.8"; /** * The version code of MyBB we're running. * * @var integer */ var $version_code = 1408; -- ALL DONE