From: Patrick Canterino <patrick@patrick-canterino.de>
Date: Sat, 10 Jan 2026 15:29:40 +0000 (+0100)
Subject: Merge branch 'bug_mime_sniffing' into 'next-release'
X-Git-Tag: 4.7.1~8
X-Git-Url: https://git.p6c8.net/jirafeau/jirafeau.git/commitdiff_plain/refs/pipelines/2255593631?hp=9832ac10b3a5915e8dfe7672a83449b0bc1a76c4

Merge branch 'bug_mime_sniffing' into 'next-release'

Disable MIME sniffing to prevent preview of invalid (propably harmful) file types

See merge request jirafeau/Jirafeau!29
---

diff --git a/f.php b/f.php
index 922668f..269b10b 100644
--- a/f.php
+++ b/f.php
@@ -231,6 +231,7 @@ if (!jirafeau_is_viewable($link['mime_type']) || !$cfg['preview'] || $do_downloa
     header('Content-Disposition: attachment; filename="' . $link['file_name'] . '"');
 } else {
     header('Content-Disposition: filename="' . $link['file_name'] . '"');
+    header('X-Content-Type-Options: nosniff');
 }
 header('Content-Type: ' . $link['mime_type']);
 if ($cfg['file_hash'] == "md5") {