Use secure mimetype for content delivery

Adds some hardening against potential CSP bypassed.
author: Lukas Reschke <lukas@owncloud.com> 2014-09-08 15:57:39 +0200
committer: Lukas Reschke <lukas@owncloud.com> 2014-09-08 15:57:39 +0200
commit: 312ed18d1539d925b29d92bd481842131cd6d131 (patch)
tree: 83b473455b6a09a7c057dea6e64e84b26a2e56d1 /lib/private/files.php
parent: bd63f475bc4d9c4c17caf5ad75f37dc342013dd3 (diff)
download: nextcloud-server-312ed18d1539d925b29d92bd481842131cd6d131.tar.gz
nextcloud-server-312ed18d1539d925b29d92bd481842131cd6d131.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/private/files.php b/lib/private/files.php
index 739dae64180..06fc2dc9109 100644
--- a/lib/private/files.php
+++ b/lib/private/files.php
@@ -49,7 +49,7 @@ class OC_Files {
 			header('Content-Type: application/zip');
 		} else {
 			$filesize = \OC\Files\Filesystem::filesize($filename);
-			header('Content-Type: '.\OC\Files\Filesystem::getMimeType($filename));
+			header('Content-Type: '.\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename)));
 			if ($filesize > -1) {
 				header("Content-Length: ".$filesize);
 			}
author	Lukas Reschke <lukas@owncloud.com>	2014-09-08 15:57:39 +0200
committer	Lukas Reschke <lukas@owncloud.com>	2014-09-08 15:57:39 +0200
commit	312ed18d1539d925b29d92bd481842131cd6d131 (patch)
tree	83b473455b6a09a7c057dea6e64e84b26a2e56d1 /lib/private/files.php
parent	bd63f475bc4d9c4c17caf5ad75f37dc342013dd3 (diff)
download	nextcloud-server-312ed18d1539d925b29d92bd481842131cd6d131.tar.gz nextcloud-server-312ed18d1539d925b29d92bd481842131cd6d131.zip