From 2cce599fd7c45c1f2c3480eeb4e60d99d10d2ea2 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Tue, 5 Sep 2017 21:38:07 -0700
Subject: check code rights on cloud files

---
 Zotlabs/Module/Attach.php  | 2 +-
 Zotlabs/Module/Getfile.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'Zotlabs/Module')

diff --git a/Zotlabs/Module/Attach.php b/Zotlabs/Module/Attach.php
index 94f46978a..490d5edd0 100644
--- a/Zotlabs/Module/Attach.php
+++ b/Zotlabs/Module/Attach.php
@@ -31,7 +31,7 @@ class Attach extends \Zotlabs\Web\Controller {
 	
 		$unsafe_types = array('text/html','text/css','application/javascript');
 	
-		if(in_array($r['data']['filetype'],$unsafe_types)) {
+		if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($r['data']['uid']))) {
 				header('Content-type: text/plain');
 		}
 		else {
diff --git a/Zotlabs/Module/Getfile.php b/Zotlabs/Module/Getfile.php
index 0b05d78a4..413a68e0c 100644
--- a/Zotlabs/Module/Getfile.php
+++ b/Zotlabs/Module/Getfile.php
@@ -108,7 +108,7 @@ class Getfile extends \Zotlabs\Web\Controller {
 			
 		$unsafe_types = array('text/html','text/css','application/javascript');
 	
-		if(in_array($r['data']['filetype'],$unsafe_types)) {
+		if(in_array($r['data']['filetype'],$unsafe_types) && (! channel_codeallowed($channel['channel_id']))) {
 				header('Content-type: text/plain');
 		}
 		else {
-- 
cgit v1.2.3