diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2014-09-08 15:57:39 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2014-09-08 15:57:39 +0200 |
| commit | 312ed18d1539d925b29d92bd481842131cd6d131 (patch) | |
| tree | 83b473455b6a09a7c057dea6e64e84b26a2e56d1 | |
| parent | bd63f475bc4d9c4c17caf5ad75f37dc342013dd3 (diff) | |
| download | nextcloud-server-312ed18d1539d925b29d92bd481842131cd6d131.tar.gz nextcloud-server-312ed18d1539d925b29d92bd481842131cd6d131.zip | |
Use secure mimetype for content delivery
Adds some hardening against potential CSP bypassed.
| -rw-r--r-- | apps/files/download.php | 2 | ||||
| -rw-r--r-- | lib/private/files.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/apps/files/download.php b/apps/files/download.php index 6b055e99a53..664a69c5959 100644 --- a/apps/files/download.php +++ b/apps/files/download.php @@ -34,7 +34,7 @@ if(!\OC\Files\Filesystem::file_exists($filename)) { exit; } -$ftype=\OC\Files\Filesystem::getMimeType( $filename ); +$ftype=\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType( $filename )); header('Content-Type:'.$ftype); OCP\Response::setContentDispositionHeader(basename($filename), 'attachment'); diff --git a/lib/private/files.php b/lib/private/files.php index 739dae64180..06fc2dc9109 100644 --- a/lib/private/files.php +++ b/lib/private/files.php @@ -49,7 +49,7 @@ class OC_Files { header('Content-Type: application/zip'); } else { $filesize = \OC\Files\Filesystem::filesize($filename); - header('Content-Type: '.\OC\Files\Filesystem::getMimeType($filename)); + header('Content-Type: '.\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename))); if ($filesize > -1) { header("Content-Length: ".$filesize); } |