From 312ed18d1539d925b29d92bd481842131cd6d131 Mon Sep 17 00:00:00 2001 From: Lukas Reschke Date: Mon, 8 Sep 2014 15:57:39 +0200 Subject: Use secure mimetype for content delivery Adds some hardening against potential CSP bypassed. --- apps/files/download.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'apps/files/download.php') diff --git a/apps/files/download.php b/apps/files/download.php index 6b055e99a53..664a69c5959 100644 --- a/apps/files/download.php +++ b/apps/files/download.php @@ -34,7 +34,7 @@ if(!\OC\Files\Filesystem::file_exists($filename)) { exit; } -$ftype=\OC\Files\Filesystem::getMimeType( $filename ); +$ftype=\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType( $filename )); header('Content-Type:'.$ftype); OCP\Response::setContentDispositionHeader(basename($filename), 'attachment'); -- cgit v1.2.3