Replace two files in your Mantis root directory.

You should also add this variable to config_inc.php:

	# Fix 12313 usability issue and rollback changes for security issue 11952 fix.
	# http://www.mantisbt.org/bugs/view.php?id=12313
	# http://www.mantisbt.org/bugs/view.php?id=11952
	# ON - you can open images in a new browser window by clicking on them.
	# OFF - you can't, but you are secure.
	$g_allow_inline_attachment_rendering = ON;