From: Eric Wong
Date: Sun, 17 Jan 2016 00:18:02 +0000 (+0000)
Subject: repobrowse: allow serving PDF files from the 'plain' endpoint
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9529f4321b0f9e054396614a47d77c5b6dbe56a4;p=thirdparty%2Fpublic-inbox.git
repobrowse: allow serving PDF files from the 'plain' endpoint PDFs are no more harmful than images or audio files (they're not innocuous, but they're more difficult to use as an XSS vector). This prepares us to allow access the MIME_TYPE_WHITELIST for serving random file types. But perhaps this will become object-local to allow serving multiple, independent repobrowse instances within one process...
---
diff --git a/lib/PublicInbox/RepobrowseBase.pm b/lib/PublicInbox/RepobrowseBase.pm
index 60da2d948..6223ebde5 100644
--- a/lib/PublicInbox/RepobrowseBase.pm
+++ b/lib/PublicInbox/RepobrowseBase.pm
@@ -5,6 +5,7 @@ use strict; use warnings; require PublicInbox::RepobrowseGitQuery; use PublicInbox::Hval;
+our %MIME_TYPE_WHITELIST = ( 'application/pdf' => 1 );
sub new { bless {}, shift }
@@ -46,11 +47,13 @@ sub mime_type_unsafe {
sub mime_type { my ($self, $fn) = @_; my $ct = $self->mime_type_unsafe($fn);
+ return unless defined $ct;
# XSS protection. Assume the browser knows what to do # with images/audio/video; but don't allow random HTML from # a repository to be served
- (defined($ct) && $ct =~ m!\A(?:image|audio|video)/!) ? $ct : undef;
+ ($ct =~ m!\A(?:image|audio|video)/! || $MIME_TYPE_WHITELIST{$ct}) ? $ct : undef;
}
# starts an HTML page for Repobrowse in a consistent way
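Review bot: The new whitelist lookup `$MIME_TYPE_WHITELIST{$ct}` in mime_type is an exact, case-sensitive key match, so its strictness depends entirely on mime_type_unsafe() (its body is above this hunk and not shown) always returning a canonical lowercase type with no `; charset=` parameters; if that is not guaranteed, normalize before the lookup, e.g. `my $key = lc $ct; $key =~ s/\s*;.*\z//s;` and test `$MIME_TYPE_WHITELIST{$key}`. The comment block above the ternary still describes only the image/audio/video rule; it should also state that `%MIME_TYPE_WHITELIST` extends the allowed set and that an entry must only be added for types a browser will not treat as active content on this origin, since that is now the only guard between the whitelist and the XSS protection the comment promises. On that point, PDF files can embed scripts that some viewer plugins have historically executed in the serving origin's context, so the plain endpoint should emit whitelisted non-media types with `Content-Disposition: attachment` (or a sandboxing Content-Security-Policy) unless it already does, which this hunk does not show. Finally, the added `return unless defined $ct;` yields an empty list in list context where the old ternary always produced a scalar `undef`; that is harmless if every caller assigns the result to a scalar, which is worth confirming before relying on it.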