function testGetSecureMimeType() { $dir = OC::$SERVERROOT . '/tests/data'; $result = OC_Helper::getSecureMimeType('image/svg+xml'); $expected = 'text/plain'; $this->assertEquals($result, $expected); $result = OC_Helper::getSecureMimeType('image/png'); $expected = 'image/png'; $this->assertEquals($result, $expected); }
/** * @param string $filename * @param string $name */ private static function sendHeaders($filename, $name) { OC_Response::setContentDispositionHeader($name, 'attachment'); header('Content-Transfer-Encoding: binary'); OC_Response::disableCaching(); $filesize = \OC\Files\Filesystem::filesize($filename); header('Content-Type: ' . \OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename))); if ($filesize > -1) { OC_Response::setContentLengthHeader($filesize); } }
/** * Returns the mime-type for a file * * If null is returned, we'll assume application/octet-stream * * @return mixed */ public function getContentType() { $mimeType = $this->info->getMimetype(); // PROPFIND needs to return the correct mime type, for consistency with the web UI if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PROPFIND') { return $mimeType; } return \OC_Helper::getSecureMimeType($mimeType); }
/** * Returns the mime-type for a file * * If null is returned, we'll assume application/octet-stream * * @return mixed */ public function getContentType() { $mimeType = $this->info->getMimetype(); return \OC_Helper::getSecureMimeType($mimeType); }
/** * Returns the mime-type for a file * * If null is returned, we'll assume application/octet-stream * * @return mixed */ public function getContentType() { if (isset($this->fileinfo_cache['mimetype'])) { $mimeType = $this->fileinfo_cache['mimetype']; } else { $mimeType = \OC\Files\Filesystem::getMimeType($this->path); } return \OC_Helper::getSecureMimeType($mimeType); }
* * @copyright Copyright (c) 2015, ownCloud, Inc. * @license AGPL-3.0 * * This code is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License, version 3, * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License, version 3, * along with this program. If not, see <http://www.gnu.org/licenses/> * */ OCP\JSON::checkAppEnabled('files_versions'); OCP\JSON::checkLoggedIn(); $file = $_GET['file']; $revision = (int) $_GET['revision']; list($uid, $filename) = OCA\Files_Versions\Storage::getUidAndFilename($file); $versionName = '/' . $uid . '/files_versions/' . $filename . '.v' . $revision; $view = new OC\Files\View('/'); $ftype = \OC_Helper::getSecureMimeType($view->getMimeType('/' . $uid . '/files/' . $filename)); header('Content-Type:' . $ftype); OCP\Response::setContentDispositionHeader(basename($filename), 'attachment'); OCP\Response::disableCaching(); OCP\Response::setContentLengthHeader($view->filesize($versionName)); OC_Util::obEnd(); $view->readfile($versionName);
<?php // Check if we are a user OCP\User::checkLoggedIn(); $filename = $_GET["file"]; if (!\OC\Files\Filesystem::file_exists($filename)) { header("HTTP/1.0 404 Not Found"); $tmpl = new OCP\Template('', '404', 'guest'); $tmpl->assign('file', $filename); $tmpl->printPage(); exit; } $ftype = \OC_Helper::getSecureMimeType(\OC\Files\Filesystem::getMimeType($filename)); header('Content-Type:' . $ftype); OCP\Response::setContentDispositionHeader(basename($filename), 'attachment'); OCP\Response::disableCaching(); OCP\Response::setContentLengthHeader(\OC\Files\Filesystem::filesize($filename)); OC_Util::obEnd(); \OC\Files\Filesystem::readfile($filename);