author | zotlabs <mike@macgirvin.com> | 2017-09-05 21:38:07 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-09-05 21:38:07 -0700 |
commit | 2cce599fd7c45c1f2c3480eeb4e60d99d10d2ea2 (patch) | |
tree | 6cf6d88406faa6303f72dd59c38b71cdff7bdb6b | |
parent | 7dc99cb4a4b3852e5c16ab71a7bac0e3dca1b2f4 (diff) | |
download | volse-hubzilla-2cce599fd7c45c1f2c3480eeb4e60d99d10d2ea2.tar.gz volse-hubzilla-2cce599fd7c45c1f2c3480eeb4e60d99d10d2ea2.tar.bz2 volse-hubzilla-2cce599fd7c45c1f2c3480eeb4e60d99d10d2ea2.zip |
check code rights on cloud files
-rw-r--r-- | Zotlabs/Module/Attach.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Getfile.php | 2 | ||||
-rw-r--r-- | Zotlabs/Storage/File.php | 4 |
3 files changed, 4 insertions, 4 deletions
diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php
index 94f46978a..490d5edd0 100644
--- a/Zotlabs/Module/Attach.php
+++ b/Zotlabs/Module/Attach.php
@@ -31,7 +31,7 @@ class Attach extends \Zotlabs\Web\Controller {
 $unsafe_types = array('text/html','text/css','application/javascript');
- if(in_array($r['data']['filetype'],$unsafe_types)) {
+ if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) {
 header('Content-type: text/plain');
 }
 else {
diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php
index 0b05d78a4..413a68e0c 100644
--- a/Zotlabs/Module/Getfile.php
+++ b/Zotlabs/Module/Getfile.php
@@ -108,7 +108,7 @@ class Getfile extends \Zotlabs\Web\Controller {
 $unsafe_types = array('text/html','text/css','application/javascript');
- if(in_array($r['data']['filetype'],$unsafe_types)) {
+ if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) {
 header('Content-type: text/plain');
 }
 else {
diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php
index 7a102134f..332bf6896 100644
--- a/Zotlabs/Storage/File.php
+++ b/Zotlabs/Storage/File.php
@@ -254,7 +254,7 @@ class File extends DAV\Node implements DAV\IFile {
 // @todo this should be a global definition
 $unsafe_types = array('text/html', 'text/css', 'application/javascript');
- if (in_array($r[0]['filetype'], $unsafe_types)) {
+ if (in_array($r[0]['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) {
 header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"');
 header('Content-type: text/plain');
 }
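Review bot: The downgrade to `text/plain` still depends on an exact match against three strings, so the new code-rights gate in this `if` does not cover other script-capable types such as `image/svg+xml` or `application/xhtml+xml`, nor a stored `filetype` that differs in case or carries a `; charset=` parameter. A channel without code rights could therefore still have such a file served under its stored type, unless that is filtered somewhere outside this hunk. Consider normalising before the test, e.g. `$type = strtolower(trim(explode(';', $r['data']['filetype'])[0]));`, and extending `$unsafe_types` with the missing types. The same list and condition appear in the Getfile.php hunk and both File.php hunks.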
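Review bot: This hunk keys the check on `$channel['channel_id']` while the Attach.php and File.php hunks use the file record's own `uid`, and where `$channel` comes from is outside the hunk. If `$channel` can ever be the requesting or logged-in channel rather than the owner of `$r['data']`, a viewer's code rights would decide how another channel's file is typed. Using the record's owner, `channel_codeallowed($r['data']['uid'])`, would make the three modules agree, assuming the row carries `uid` here as it does in Attach.php; otherwise add a comment stating that `$channel` is the file owner.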
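Review bot: Both the `Content-disposition: attachment` header and the `text/plain` downgrade sit inside the gated branch, so for an owner with code rights an HTML, CSS or JavaScript file now leaves this method with neither; what type is sent in that case is outside the hunk. If the file is then rendered inline under the hub's own origin, its script runs with the session of whoever opens it, which is a wider grant than letting the owner author code. A comment recording that decision would help, for example `// owners with code rights are trusted to serve active content from this origin to every viewer who can read the file`, and a restrictive `Content-Security-Policy` on that path is worth considering.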
@@ -300,7 +300,7 @@ class File extends DAV\Node implements DAV\IFile {
 public function getContentType() {
 // @todo this should be a global definition.
 $unsafe_types = array('text/html', 'text/css', 'application/javascript');
- if (in_array($this->data['filetype'], $unsafe_types)) {
+ if (in_array($this->data['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) {
 return 'text/plain';
 }
 return $this->data['filetype']; |
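Review bot: This is the fourth copy of the list-plus-code-rights test in the commit, and the copies already differ in which id they pass (`$this->data['uid']` here, `$channel['channel_id']` in Getfile.php). The existing `@todo this should be a global definition` applies to the whole condition now, not just the array: one shared helper taking the stored type and the owner id and returning the type to send would keep the four call sites from drifting apart. `getContentType()` would then reduce to a single return of that helper's result.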