Use secure mimetype for content delivery

Adds some hardening against potential CSP bypasses.
Lukas Reschke 2014-09-08 15:57:39 +02:00
parent bd63f475bc
commit 312ed18d15
2 changed files with 2 additions and 2 deletions


@ -34,7 +34,7 @@ if(!\OC\Files\Filesystem::file_exists($filename)) {
exit; exit;
} }
$ftype=\OC\Files\Filesystem::getMimeType( $filename ); $ftype=\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType( $filename ));
header('Content-Type:'.$ftype); header('Content-Type:'.$ftype);
OCP\Response::setContentDispositionHeader(basename($filename), 'attachment'); OCP\Response::setContentDispositionHeader(basename($filename), 'attachment');
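Review bot: The `header('Content-Type:'.$ftype);` line after the changed assignment has no `X-Content-Type-Options` header beside it in this hunk, so a browser that sniffs content could still treat the body as an active type despite the downgraded mimetype. If that header is not already sent globally (not visible here), add `header('X-Content-Type-Options: nosniff');` next to it; the same applies to the `Content-Type` line in the `OC_Files` hunk below. A comment above the assignment, e.g. `// Serve user-controlled files only with a non-active mimetype so they cannot run script in our origin`, would record why the wrapper must stay. The script starts and ends outside the hunk.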


@ -49,7 +49,7 @@ class OC_Files {
header('Content-Type: application/zip'); header('Content-Type: application/zip');
} else { } else {
$filesize = \OC\Files\Filesystem::filesize($filename); $filesize = \OC\Files\Filesystem::filesize($filename);
header('Content-Type: '.\OC\Files\Filesystem::getMimeType($filename)); header('Content-Type: '.\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename)));
if ($filesize > -1) { if ($filesize > -1) {
header("Content-Length: ".$filesize); header("Content-Length: ".$filesize);
} }
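Review bot: The mimetype downgrade in the `else` branch is nested inline in the `header()` call, while the other changed file assigns it to `$ftype` first. Doing the same here, `$type = \OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename));` followed by `header('Content-Type: '.$type);`, would make the security-relevant step easier to spot in review. Because the wrapper is applied by hand at each call site, any other download path that writes `getMimeType()` straight into a header would presumably still be unprotected, so it is worth checking the remaining callers. The enclosing method of `OC_Files` starts and ends outside the hunk.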