diff options
| author | zotlabs <mike@macgirvin.com> | 2017-09-05 21:38:07 -0700 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2017-09-05 21:38:07 -0700 |
| commit | 2cce599fd7c45c1f2c3480eeb4e60d99d10d2ea2 (patch) | |
| tree | 6cf6d88406faa6303f72dd59c38b71cdff7bdb6b /Zotlabs/Storage | |
| parent | 7dc99cb4a4b3852e5c16ab71a7bac0e3dca1b2f4 (diff) | |
| download | volse-hubzilla-2cce599fd7c45c1f2c3480eeb4e60d99d10d2ea2.tar.gz volse-hubzilla-2cce599fd7c45c1f2c3480eeb4e60d99d10d2ea2.tar.bz2 volse-hubzilla-2cce599fd7c45c1f2c3480eeb4e60d99d10d2ea2.zip | |
check code rights on cloud files
Diffstat (limited to 'Zotlabs/Storage')
| -rw-r--r-- | Zotlabs/Storage/File.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php index 7a102134f..332bf6896 100644 --- a/Zotlabs/Storage/File.php +++ b/Zotlabs/Storage/File.php @@ -254,7 +254,7 @@ class File extends DAV\Node implements DAV\IFile { // @todo this should be a global definition $unsafe_types = array('text/html', 'text/css', 'application/javascript'); - if (in_array($r[0]['filetype'], $unsafe_types)) { + if (in_array($r[0]['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) { header('Content-disposition: attachment; filename="' . $r[0]['filename'] . '"'); header('Content-type: text/plain'); } @@ -300,7 +300,7 @@ class File extends DAV\Node implements DAV\IFile { public function getContentType() { // @todo this should be a global definition. $unsafe_types = array('text/html', 'text/css', 'application/javascript'); - if (in_array($this->data['filetype'], $unsafe_types)) { + if (in_array($this->data['filetype'], $unsafe_types) && (! channel_codeallowed($this->data['uid']))) { return 'text/plain'; } return $this->data['filetype']; |