Adds some hardening against potential CSP bypasses.
tags/v8.0.0alpha1
@@ -34,7 +34,7 @@ if(!\OC\Files\Filesystem::file_exists($filename)) { | |||
exit; | |||
} | |||
$ftype=\OC\Files\Filesystem::getMimeType( $filename ); | |||
$ftype=\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType( $filename )); | |||
header('Content-Type:'.$ftype); | |||
OCP\Response::setContentDispositionHeader(basename($filename), 'attachment'); |
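Review bot: The sanitised type sent by `header('Content-Type:'.$ftype);` only protects the user if the browser does not sniff the body, and nothing visible in this hunk prevents sniffing. If the response does not already carry it from elsewhere, add `header('X-Content-Type-Options: nosniff');` next to the Content-Type line. The definition of `getSecureMimeType()` is not shown on this page, so confirm that it falls back to a non-renderable type for unknown input rather than passing it through. The script continues outside the hunk.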
@@ -49,7 +49,7 @@ class OC_Files { | |||
header('Content-Type: application/zip'); | |||
} else { | |||
$filesize = \OC\Files\Filesystem::filesize($filename); | |||
header('Content-Type: '.\OC\Files\Filesystem::getMimeType($filename)); | |||
header('Content-Type: '.\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename))); | |||
if ($filesize > -1) { | |||
header("Content-Length: ".$filesize); | |||
} |