Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-02-07 16:41:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix regression in website module to get javascript files

Browse Source
This commit is contained in:
Laurent Destailleur
2020-09-17 20:55:20 +02:00
parent 0f0e4feeaf
commit f5908c29da
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
htdocs/document.php
View File

@@ -157,7 +157,8 @@ $type = 'application/octet-stream'; // By default
if (GETPOST('type', 'alpha')) $type = GETPOST('type', 'alpha');
else $type = dol_mimetype($original_file);
// Security: Force to octet-stream if file is a dangerous file. For example when it is a .noexe file
if (!dolIsAllowedForPreview($original_file)) {
// We do not force if file is a javascript to be able to get js from website module with <script src="
if (! in_array($type, array('text/x-javascript')) && !dolIsAllowedForPreview($original_file)) {
$type = 'application/octet-stream';
}