harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check code rights on cloud files

Browse Source
This commit is contained in:
zotlabs
2017-09-05 21:38:07 -07:00
parent 7dc99cb4a4
commit 2cce599fd7
3 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Zotlabs/Storage/File.php
View File

@@ -254,7 +254,7 @@ class File extends DAV\Node implements DAV\IFile {
// @todo this should be a global definition
$unsafe_types = array('text/html', 'text/css', 'application/javascript');
if (in_array($r[0]['filetype'], $unsafe_types)) {
if (in_array($r[0]['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) {
header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"');
header('Content-type: text/plain');
}
@@ -300,7 +300,7 @@ class File extends DAV\Node implements DAV\IFile {
public function getContentType() {
// @todo this should be a global definition.
$unsafe_types = array('text/html', 'text/css', 'application/javascript');
if (in_array($this->data['filetype'], $unsafe_types)) {
if (in_array($this->data['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) {
return 'text/plain';
}
return $this->data['filetype'];