Use secure mimetype for content delivery

Adds some hardening against potential CSP bypassed.
author: Lukas Reschke <lukas@owncloud.com> 2014-09-08 15:57:39 +0200
committer: Lukas Reschke <lukas@owncloud.com> 2014-09-08 15:57:39 +0200
commit: 312ed18d1539d925b29d92bd481842131cd6d131 (patch)
tree: 83b473455b6a09a7c057dea6e64e84b26a2e56d1 /apps/files/download.php
parent: bd63f475bc4d9c4c17caf5ad75f37dc342013dd3 (diff)
download: nextcloud-server-312ed18d1539d925b29d92bd481842131cd6d131.tar.gz
nextcloud-server-312ed18d1539d925b29d92bd481842131cd6d131.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/apps/files/download.php b/apps/files/download.php
index 6b055e99a53..664a69c5959 100644
--- a/apps/files/download.php
+++ b/apps/files/download.php
@@ -34,7 +34,7 @@ if(!\OC\Files\Filesystem::file_exists($filename)) {
 	exit;
 }
 
-$ftype=\OC\Files\Filesystem::getMimeType( $filename );
+$ftype=\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType( $filename ));
 
 header('Content-Type:'.$ftype);
 OCP\Response::setContentDispositionHeader(basename($filename), 'attachment');
author	Lukas Reschke <lukas@owncloud.com>	2014-09-08 15:57:39 +0200
committer	Lukas Reschke <lukas@owncloud.com>	2014-09-08 15:57:39 +0200
commit	312ed18d1539d925b29d92bd481842131cd6d131 (patch)
tree	83b473455b6a09a7c057dea6e64e84b26a2e56d1 /apps/files/download.php
parent	bd63f475bc4d9c4c17caf5ad75f37dc342013dd3 (diff)
download	nextcloud-server-312ed18d1539d925b29d92bd481842131cd6d131.tar.gz nextcloud-server-312ed18d1539d925b29d92bd481842131cd6d131.zip