Use secure mimetype for content delivery
Adds some hardening against potential CSP bypassed.
This commit is contained in:
parent
bd63f475bc
commit
312ed18d15
|
@ -34,7 +34,7 @@ if(!\OC\Files\Filesystem::file_exists($filename)) {
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$ftype=\OC\Files\Filesystem::getMimeType( $filename );
|
$ftype=\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType( $filename ));
|
||||||
|
|
||||||
header('Content-Type:'.$ftype);
|
header('Content-Type:'.$ftype);
|
||||||
OCP\Response::setContentDispositionHeader(basename($filename), 'attachment');
|
OCP\Response::setContentDispositionHeader(basename($filename), 'attachment');
|
||||||
|
|
|
@ -49,7 +49,7 @@ class OC_Files {
|
||||||
header('Content-Type: application/zip');
|
header('Content-Type: application/zip');
|
||||||
} else {
|
} else {
|
||||||
$filesize = \OC\Files\Filesystem::filesize($filename);
|
$filesize = \OC\Files\Filesystem::filesize($filename);
|
||||||
header('Content-Type: '.\OC\Files\Filesystem::getMimeType($filename));
|
header('Content-Type: '.\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename)));
|
||||||
if ($filesize > -1) {
|
if ($filesize > -1) {
|
||||||
header("Content-Length: ".$filesize);
|
header("Content-Length: ".$filesize);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue