PDFs are no more harmful than images or audio files
(they're not innocuous, but they're more difficult to use as an
XSS vector).
This prepares us to allow access to the MIME_TYPE_WHITELIST for
serving random file types. But perhaps this will become
object-local to allow serving multiple, independent repobrowse
instances within one process...
use warnings;
require PublicInbox::RepobrowseGitQuery;
use PublicInbox::Hval;
+our %MIME_TYPE_WHITELIST = ( 'application/pdf' => 1 );
sub new { bless {}, shift }
sub mime_type {
my ($self, $fn) = @_;
my $ct = $self->mime_type_unsafe($fn);
+ return unless defined $ct;
# XSS protection. Assume the browser knows what to do
# with images/audio/video; but don't allow random HTML from
# a repository to be served
- (defined($ct) && $ct =~ m!\A(?:image|audio|video)/!) ? $ct : undef;
+ ($ct =~ m!\A(?:image|audio|video)/! || $MIME_TYPE_WHITELIST{$ct}) ?
+ $ct : undef;
}
# starts an HTML page for Repobrowse in a consistent way
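Review bot: the comment block above the check (`# XSS protection. Assume the browser knows what to do` ... `# a repository to be served`) still describes the old images/audio/video-only rule; update it to say that types listed in %MIME_TYPE_WHITELIST are also served, otherwise the next reader will not expect `application/pdf` to pass. Two smaller points on `+ ($ct =~ m!\A(?:image|audio|video)/! || $MIME_TYPE_WHITELIST{$ct}) ?`: the hash lookup is an exact, case-sensitive match on whatever mime_type_unsafe returns, so a value carrying parameters or different casing is rejected (it fails closed, but a note that keys must match exactly would save confusion), and because %MIME_TYPE_WHITELIST is a package-level `our` variable, any code in the process can widen it; the commit message already anticipates making it object-local, so a comment marking the global as temporary would help. Finally, the unchanged `image/` prefix match admits image/svg+xml, which browsers render with script enabled, so that type deserves the same deny-by-default treatment this check gives to HTML.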