From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 config/mimetypes.php |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/config/mimetypes.php b/config/mimetypes.php
index 3e3ed30..7665df3 100644
--- a/config/mimetypes.php
+++ b/config/mimetypes.php
@@ -1,5 +1,12 @@
 <?php
 
+/**
+ * Local mapping file to specify mime-types based on common file-name extensions
+ *
+ * Please note that this mapping takes precedence over the content-based mime-type detection
+ * and should only contain mappings which cannot be detected properly from the file contents.
+ */
+
 return array(
   'xls' => 'application/vnd.ms-excel',
   'xlm' => 'application/vnd.ms-excel',
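Review bot: The new docblock says this map takes precedence over content-based detection, but it does not spell out the consequence for callers: the type returned for a listed extension is derived from the file name alone. If that name comes from an upload or a message attachment, the result is sender-controlled, so I would add a line such as `* The resulting type is taken from the file name only and is not verified against the contents.` Separately, the subject names the _session argument of utils/save-prefs while the visible diff touches only config/mimetypes.php, so the subject and the patch content look mismatched. The returned array continues past this hunk.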
@@ -7,6 +14,7 @@
   'xlc' => 'application/vnd.ms-excel',
   'xlt' => 'application/vnd.ms-excel',
   'xlw' => 'application/vnd.ms-excel',
+  'pdf' => 'application/pdf',
   'ppt' => 'application/vnd.ms-powerpoint',
   'pps' => 'application/vnd.ms-powerpoint',
   'pot' => 'application/vnd.ms-powerpoint',
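Review bot: The added `'pdf' => 'application/pdf'` entry sits oddly with the rule in the file's new header, which limits the map to types that cannot be detected properly from the file contents; PDF normally carries a recognisable header. Because the map takes precedence, any file named `*.pdf` is now reported as application/pdf whatever it contains, so code that chooses inline display or a viewer from this type should not treat it as checked. If the entry works around a detector that mislabels PDFs, record that next to it, e.g. `// pdf: content detection returns <observed type> on <environment>`. The array begins and ends outside this hunk.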
@@ -45,4 +53,4 @@
   'ics' => 'text/calendar',
 );
 
-?>
\ No newline at end of file
+?>

--
Gitblit v1.9.1