mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Use secure mimetype for content delivery 

Adds some hardening against potential CSP bypassed.
This commit is contained in:
Lukas Reschke 2014-09-08 15:57:39 +02:00
parent bd63f475bc
commit 312ed18d15
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
apps/files/download.php
View File

@ -34,7 +34,7 @@ if(!\OC\Files\Filesystem::file_exists($filename)) {
exit;
}
$ftype=\OC\Files\Filesystem::getMimeType( $filename );
$ftype=\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType( $filename ));
header('Content-Type:'.$ftype);
OCP\Response::setContentDispositionHeader(basename($filename), 'attachment');

2
lib/private/files.php
View File

@ -49,7 +49,7 @@ class OC_Files {
header('Content-Type: application/zip');
} else {
$filesize = \OC\Files\Filesystem::filesize($filename);
header('Content-Type: '.\OC\Files\Filesystem::getMimeType($filename));
header('Content-Type: '.\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename)));
if ($filesize > -1) {
header("Content-Length: ".$filesize);
}