Adds some hardening against potential CSP bypassed.
exit;
}
-$ftype=\OC\Files\Filesystem::getMimeType( $filename );
+$ftype=\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType( $filename ));
header('Content-Type:'.$ftype);
OCP\Response::setContentDispositionHeader(basename($filename), 'attachment');
header('Content-Type: application/zip');
} else {
$filesize = \OC\Files\Filesystem::filesize($filename);
- header('Content-Type: '.\OC\Files\Filesystem::getMimeType($filename));
+ header('Content-Type: '.\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename)));
if ($filesize > -1) {
header("Content-Length: ".$filesize);
}