From 312ed18d1539d925b29d92bd481842131cd6d131 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@owncloud.com>
Date: Mon, 8 Sep 2014 15:57:39 +0200
Subject: Use secure mimetype for content delivery

Adds some hardening against potential CSP bypassed.
---
 lib/private/files.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/private/files.php')

diff --git a/lib/private/files.php b/lib/private/files.php
index 739dae64180..06fc2dc9109 100644
--- a/lib/private/files.php
+++ b/lib/private/files.php
@@ -49,7 +49,7 @@ class OC_Files {
 			header('Content-Type: application/zip');
 		} else {
 			$filesize = \OC\Files\Filesystem::filesize($filename);
-			header('Content-Type: '.\OC\Files\Filesystem::getMimeType($filename));
+			header('Content-Type: '.\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename)));
 			if ($filesize > -1) {
 				header("Content-Length: ".$filesize);
 			}
-- 
cgit v1.2.3