check code rights on cloud files

Zotlabs/Module/Attach.php

@@ -31,7 +31,7 @@ class Attach extends \Zotlabs\Web\Controller {
 	
 		$unsafe_types = array('text/html','text/css','application/javascript');
 	
-		if(in_array($r['data']['filetype'],$unsafe_types)) {
+		if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) {
 				header('Content-type: text/plain');
 		}
 		else {

Zotlabs/Module/Getfile.php

@@ -108,7 +108,7 @@ class Getfile extends \Zotlabs\Web\Controller {
 			
 		$unsafe_types = array('text/html','text/css','application/javascript');
 	
-		if(in_array($r['data']['filetype'],$unsafe_types)) {
+		if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) {
 				header('Content-type: text/plain');
 		}
 		else {

Zotlabs/Storage/File.php

@@ -254,7 +254,7 @@ class File extends DAV\Node implements DAV\IFile {
 			// @todo this should be a global definition
 			$unsafe_types = array('text/html', 'text/css', 'application/javascript');
 
-			if (in_array($r[0]['filetype'], $unsafe_types)) {
+			if (in_array($r[0]['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) {
 				header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"');
 				header('Content-type: text/plain');
 			}
@@ -300,7 +300,7 @@ class File extends DAV\Node implements DAV\IFile {
 	public function getContentType() {
 		// @todo this should be a global definition.
 		$unsafe_types = array('text/html', 'text/css', 'application/javascript');
-		if (in_array($this->data['filetype'], $unsafe_types)) {
+		if (in_array($this->data['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) {
 			return 'text/plain';
 		}
 		return $this->data['filetype'];