[Pkg-owncloud-commits] [owncloud] 68/205: Use trusted mimetype

Thu Jul 2 17:36:57 UTC 2015

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch stable8
in repository owncloud.

commit 3d2ac6dbb62252d251d2c10907f28eb3b8458836
Author: Lukas Reschke <lukas at owncloud.com>
Date:   Mon Jun 22 15:30:27 2015 +0200

    Use trusted mimetype
    
    We shall not use untrusted mimetypes in this context
---
 apps/files_versions/download.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/files_versions/download.php b/apps/files_versions/download.php
index 72018ca..3cc324c 100644
--- a/apps/files_versions/download.php
+++ b/apps/files_versions/download.php
@@ -34,7 +34,7 @@ $versionName = '/'.$uid.'/files_versions/'.$filename.'.v'.$revision;
 
 $view = new OC\Files\View('/');
 
-$ftype = $view->getMimeType('/'.$uid.'/files/'.$filename);
+$ftype = \OC_Helper::getSecureMimeType($view->getMimeType('/'.$uid.'/files/'.$filename));
 
 header('Content-Type:'.$ftype);
 OCP\Response::setContentDispositionHeader(basename($filename), 'attachment');

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

