[Pkg-owncloud-commits] [owncloud] 75/258: Use secure mimetype for content delivery
David Prévot
taffit at moszumanska.debian.org
Sat Oct 11 17:22:22 UTC 2014
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository owncloud.
commit ff6deb809a7953a1e0b2199d63fb1a131565a607
Author: Lukas Reschke <lukas at owncloud.com>
Date: Mon Sep 8 15:57:39 2014 +0200
Use secure mimetype for content delivery
Adds some hardening against potential CSP bypasses.
---
apps/files/download.php | 2 +-
lib/private/files.php | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/apps/files/download.php b/apps/files/download.php
index 6b055e9..664a69c 100644
--- a/apps/files/download.php
+++ b/apps/files/download.php
@@ -34,7 +34,7 @@ if(!\OC\Files\Filesystem::file_exists($filename)) {
exit;
}
-$ftype=\OC\Files\Filesystem::getMimeType( $filename );
+$ftype=\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType( $filename ));
header('Content-Type:'.$ftype);
OCP\Response::setContentDispositionHeader(basename($filename), 'attachment');
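Review bot: The new `$ftype=` line has no comment saying why the detected type is passed through `\OC_Helper::getSecureMimeType()` before it reaches `header('Content-Type:'.$ftype);`, so a later cleanup could drop the wrapper without noticing it is a security control. A one-line comment above the assignment would help, stating that the type is sanitized because the file is served from the application's own origin and that it works together with the `attachment` disposition set on the next line. The same nested call appears again in lib/private/files.php, which suggests putting it behind one shared helper so a future download path cannot forget the wrap.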
diff --git a/lib/private/files.php b/lib/private/files.php
index 739dae6..06fc2dc 100644
--- a/lib/private/files.php
+++ b/lib/private/files.php
@@ -49,7 +49,7 @@ class OC_Files {
header('Content-Type: application/zip');
} else {
$filesize = \OC\Files\Filesystem::filesize($filename);
- header('Content-Type: '.\OC\Files\Filesystem::getMimeType($filename));
+ header('Content-Type: '.\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename)));
if ($filesize > -1) {
header("Content-Length: ".$filesize);
}
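Review bot: The `header('Content-Type: '...)` line in the `else` branch repeats the exact nested expression `\OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename))` from apps/files/download.php, and the diffstat lists only the two changed source files, so nothing in this commit checks the emitted header. Consider moving the sanitization into a single function that both call sites use, and adding a test that asserts the Content-Type sent for a single-file download is the value returned by `getSecureMimeType()` rather than the raw detected type. That keeps the two download paths from drifting apart if one of them is edited later.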
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git