From ff6deb809a7953a1e0b2199d63fb1a131565a607 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Mon, 8 Sep 2014 15:57:39 +0200
Subject: [PATCH] Use secure mimetype for content delivery

Adds some hardening against potential CSP bypassed.
---
 apps/files/download.php | 2 +-
 lib/private/files.php   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/files/download.php b/apps/files/download.php
index 6b055e99a53..664a69c5959 100644
--- a/apps/files/download.php
+++ b/apps/files/download.php
@@ -34,7 +34,7 @@ if(!\OC\Files\Filesystem::file_exists($filename)) {
 	exit;
 }
 
-$ftype=\OC\Files\Filesystem::getMimeType( $filename );
+$ftype=\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType( $filename ));
 
 header('Content-Type:'.$ftype);
 OCP\Response::setContentDispositionHeader(basename($filename), 'attachment');
diff --git a/lib/private/files.php b/lib/private/files.php
index 739dae64180..06fc2dc9109 100644
--- a/lib/private/files.php
+++ b/lib/private/files.php
@@ -49,7 +49,7 @@ class OC_Files {
 			header('Content-Type: application/zip');
 		} else {
 			$filesize = \OC\Files\Filesystem::filesize($filename);
-			header('Content-Type: '.\OC\Files\Filesystem::getMimeType($filename));
+			header('Content-Type: '.\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename)));
 			if ($filesize > -1) {
 				header("Content-Length: ".$filesize);
 			}
-- 
2.39.5