authorLukas Reschke <lukas@statuscode.ch>2016-09-09 12:32:56 +0200
committerLukas Reschke <lukas@statuscode.ch>2016-09-09 12:33:10 +0200
commit67439951e6751bb09161514da87a0c14b3831cc1 (patch)
tree27c4c2aade1c9e95a44f904dc85a3dcf7067f4c3 /apps/dav/lib/CardDAV
parentf5aafdc89789623e72f9a05ecc2629ed2894668b (diff)
Filter more mimetypes
There's no need to allow any mimetypes for images beyond the ones defined here.
Diffstat (limited to 'apps/dav/lib/CardDAV')
-rw-r--r--apps/dav/lib/CardDAV/ImageExportPlugin.php12
1 files changed, 12 insertions, 0 deletions
diff --git a/apps/dav/lib/CardDAV/ImageExportPlugin.php b/apps/dav/lib/CardDAV/ImageExportPlugin.php
index 31e8ed6a5e5..e48410d26d6 100644
--- a/apps/dav/lib/CardDAV/ImageExportPlugin.php
+++ b/apps/dav/lib/CardDAV/ImageExportPlugin.php
@@ -87,6 +87,7 @@ class ImageExportPlugin extends ServerPlugin {
if ($result = $this->getPhoto($node)) {
$response->setHeader('Content-Type', $result['Content-Type']);
+ $response->setHeader('Content-Disposition', 'attachment');
$response->setStatus(200);
$response->setBody($result['body']);
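Review bot: The photo response still goes out without `X-Content-Type-Options: nosniff`, at least as far as this hunk shows, so the new `Content-Disposition: attachment` header is the only thing keeping a browser from interpreting the body inline. Adding `$response->setHeader('X-Content-Type-Options', 'nosniff');` next to the two existing `setHeader` calls would keep the declared `Content-Type` authoritative for clients that ignore or mishandle the disposition. If the server already sets that header globally, a short comment here saying so would save the next reader the search. The enclosing method starts and ends outside the hunk.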
@@ -121,6 +122,17 @@ class ImageExportPlugin extends ServerPlugin {
}
$val = file_get_contents($val);
}
+
+ $allowedContentTypes = [
+ 'image/png',
+ 'image/jpeg',
+ 'image/gif',
+ ];
+
+ if(!in_array($type, $allowedContentTypes, true)) {
+ $type = 'application/octet-stream';
+ }
+
return [
'Content-Type' => $type,
'body' => $val
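Review bot: The allowlist check on `$type` validates only the declared label, not the bytes in `$val`, so a photo declared as `image/png` is still served under that type whatever the body actually contains. If `$type` is taken from the vCard itself (its assignment is outside this hunk), consider also checking the content where the fileinfo extension is available, e.g. `$detected = (new \finfo(FILEINFO_MIME_TYPE))->buffer($val);`, and falling back to `application/octet-stream` when `$detected !== $type`. The comparison is exact and case-sensitive, so a value such as `IMAGE/PNG` lands on the fallback; that fails closed, and a comment like `// Anything outside the allowlist is served as an opaque download` would make the intent explicit. The function's start is outside the hunk.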