diff options
| -rwxr-xr-x | fbin/fbin.py | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/fbin/fbin.py b/fbin/fbin.py index c449a55..a195594 100755 --- a/fbin/fbin.py +++ b/fbin/fbin.py @@ -176,7 +176,15 @@ def _file(hash, ext=None, filename=None): return path if not path or not os.path.exists(path): abort(404) - return send_file(path, attachment_filename=f.filename) + mimetype = f.get_mime_type() + # Serve blacklisted mimetypes as either text/plain or application/octet-stream + if mimetype in current_app.config['MIMETYPE_BLACKLIST'] and (f.user is None + or f.user.username not in current_app.config['MIMETYPE_USER_WHITELIST']): + if mimetype.startswith('text/'): + mimetype = 'text/plain' + else: + mimetype = 'application/octet-stream' + return send_file(path, mimetype=mimetype, attachment_filename=f.filename) @app.route('/l') @app.route('/login') |