MDL-47404 filelib: Prevent flash from treating files as uploads

added to send_stored_file as well.

lib/filelib.php

@@ -2448,7 +2448,10 @@ function send_stored_file($stored_file, $lifetime=null, $filter=0, $forcedownloa
 
     if ($forcedownload) {
         header('Content-Disposition: attachment; filename="'.$filename.'"');
-    } else {
+    } else if ($mimetype !== 'application/x-shockwave-flash') {
+        // If this is an swf don't pass content-disposition with filename as this makes the flash player treat the file
+        // as an upload and enforces security that may prevent the file from being loaded.
+
         header('Content-Disposition: inline; filename="'.$filename.'"');
     }