Use secure mimetype for content delivery

Adds some hardening against potential CSP bypassed.

apps/files/download.php

@@ -34,7 +34,7 @@ if(!\OC\Files\Filesystem::file_exists($filename)) {
 	exit;
 }
 
-$ftype=\OC\Files\Filesystem::getMimeType( $filename );
+$ftype=\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType( $filename ));
 
 header('Content-Type:'.$ftype);
 OCP\Response::setContentDispositionHeader(basename($filename), 'attachment');

lib/private/files.php

@@ -49,7 +49,7 @@ class OC_Files {
 			header('Content-Type: application/zip');
 		} else {
 			$filesize = \OC\Files\Filesystem::filesize($filename);
-			header('Content-Type: '.\OC\Files\Filesystem::getMimeType($filename));
+			header('Content-Type: '.\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename)));
 			if ($filesize > -1) {
 				header("Content-Length: ".$filesize);
 			}