Commit dc259559 authored by Jan-Hendrik Willms's avatar Jan-Hendrik Willms

refine blacklisted content detection when downloading files, fixes #1205

Closes #1205

Merge request studip/studip!715
parent cf373d64
...@@ -1702,12 +1702,9 @@ function rmdirr($dirname){ ...@@ -1702,12 +1702,9 @@ function rmdirr($dirname){
/** /**
* Determines an appropriate MIME type for a file based on the * Returns the mapping of extensions to supported MIME types.
* extension of the file name.
*
* @param string $filename file name to check
*/ */
function get_mime_type($filename) function get_mime_types()
{ {
static $mime_types = [ static $mime_types = [
// archive types // archive types
...@@ -1761,6 +1758,19 @@ function get_mime_type($filename) ...@@ -1761,6 +1758,19 @@ function get_mime_type($filename)
'webm' => 'video/webm', 'webm' => 'video/webm',
]; ];
return $mime_types;
}
/**
* Determines an appropriate MIME type for a file based on the
* extension of the file name.
*
* @param string $filename file name to check
*/
function get_mime_type($filename)
{
$mime_types = get_mime_types();
$extension = mb_strtolower(pathinfo($filename, PATHINFO_EXTENSION)); $extension = mb_strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if (isset($mime_types[$extension])) { if (isset($mime_types[$extension])) {
......
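Review bot: The new `get_mime_types()` docblock states what it returns but gives neither a `@return` annotation nor a native return type, so callers and static analysis get no shape for the array. I would add `* @return array<string, string> file extension => MIME type` to the docblock and declare the signature as `function get_mime_types(): array`, which stays compatible with the existing callers. Keys appear to be expected in lowercase, since `get_mime_type()` lowercases the extension before the lookup — worth stating in the docblock if that is the intent. The body of `get_mime_type()` continues outside the hunk.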
...@@ -186,16 +186,9 @@ if (!file_exists($path_file)) { ...@@ -186,16 +186,9 @@ if (!file_exists($path_file)) {
throw new Exception(_('Fehler beim Laden der Inhalte der Datei')); throw new Exception(_('Fehler beim Laden der Inhalte der Datei'));
} }
$content_blacklisted = function ($mime) { $allowed_mime_types = get_mime_types();
foreach (['html', 'javascript', 'svg', 'xml'] as $check) {
if (stripos($mime, $check) !== false) {
return true;
}
}
return false;
};
if ($content_blacklisted($content_type)) { if (!in_array($content_type, $allowed_mime_types)) {
$content_type = 'application/octet-stream'; $content_type = 'application/octet-stream';
} }
if (Request::int('force_download') || $content_type == "application/octet-stream") { if (Request::int('force_download') || $content_type == "application/octet-stream") {
......
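Review bot: The `in_array()` check that replaces the blacklist closure is called without the strict flag; for a membership test on a list of strings it should read `if (!in_array($content_type, $allowed_mime_types, true)) {`. The check is now an exact-match allowlist, so a `$content_type` carrying parameters (a constructed example: `text/plain; charset=utf-8`) no longer matches and is downgraded to `application/octet-stream` — that fails closed, but should be confirmed as intended. Whether the allowlist still excludes the script-capable types the removed closure rejected (html, javascript, svg, xml) depends entirely on the contents of `get_mime_types()`, which are not visible in this hunk; if that map contains entries such as `text/html` or `image/svg+xml`, those types would now pass the check and be served with their original Content-Type. The surrounding download handling continues outside the hunk.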