Commit dc259559 authored by Jan-Hendrik Willms's avatar Jan-Hendrik Willms

refine blacklisted content detection when downloading files, fixes #1205

Closes #1205

Merge request studip/studip!715
parent cf373d64
......@@ -1702,12 +1702,9 @@ function rmdirr($dirname){
/**
* Determines an appropriate MIME type for a file based on the
* extension of the file name.
*
* @param string $filename file name to check
* Returns the mapping of extensions to supported MIME types.
*/
function get_mime_type($filename)
function get_mime_types()
{
static $mime_types = [
// archive types
......@@ -1761,6 +1758,19 @@ function get_mime_type($filename)
'webm' => 'video/webm',
];
return $mime_types;
}
/**
* Determines an appropriate MIME type for a file based on the
* extension of the file name.
*
* @param string $filename file name to check
*/
function get_mime_type($filename)
{
$mime_types = get_mime_types();
$extension = mb_strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if (isset($mime_types[$extension])) {
......
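Review bot: The docblock on the new `get_mime_types()` has no `@return` and does not mention that the download script changed in this commit now uses the map's values as the set of content types that may be delivered inline. Without that warning, a later addition of an extension for a browser-active type (HTML, SVG, XML, JavaScript) would silently re-enable inline rendering of uploaded files. I would add `@return array<string, string> extension => MIME type` plus a line such as `NOTE: the values double as the allowlist for inline delivery of downloads; do not add browser-executable types here.` The map body is collapsed in this view, so whether it already contains such a type should be checked before merging.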
......@@ -186,16 +186,9 @@ if (!file_exists($path_file)) {
throw new Exception(_('Fehler beim Laden der Inhalte der Datei'));
}
$content_blacklisted = function ($mime) {
foreach (['html', 'javascript', 'svg', 'xml'] as $check) {
if (stripos($mime, $check) !== false) {
return true;
}
}
return false;
};
$allowed_mime_types = get_mime_types();
if ($content_blacklisted($content_type)) {
if (!in_array($content_type, $allowed_mime_types)) {
$content_type = 'application/octet-stream';
}
if (Request::int('force_download') || $content_type == "application/octet-stream") {
......
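Review bot: `in_array($content_type, $allowed_mime_types)` compares loosely and needs an exact, case-sensitive match against a map that was built for extension lookup. Pass the strict flag, `if (!in_array($content_type, $allowed_mime_types, true)) {`, and consider lower-casing the value and stripping parameters first, because something like `Text/Plain; charset=utf-8` currently falls through to `application/octet-stream`. That fails safe, but it forces a download for otherwise harmless types. The removed closure rejected any type containing html, javascript, svg or xml; the allowlist keeps that guarantee only if `get_mime_types()` lists none of them, which the collapsed map does not show. The surrounding script starts and continues outside this hunk.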