diff --git a/src/applications/files/config/PhabricatorFilesConfigOptions.php b/src/applications/files/config/PhabricatorFilesConfigOptions.php
--- a/src/applications/files/config/PhabricatorFilesConfigOptions.php
+++ b/src/applications/files/config/PhabricatorFilesConfigOptions.php
@@ -135,8 +135,9 @@
  pht(
  "Configure which uploaded file types may be viewed directly ".
  "in the browser. Other file types will be downloaded instead ".
- "of displayed. This is mainly a usability consideration, since ".
- "browsers tend to freak out when viewing very large binary files.".
+ "of displayed. This is a usability and security consideration, ".
+ "since browsers tend to freak out when viewing very large ".
+ "binary files, and some file types are vulnerable to XSS attacks.".
  "\n\n".
  "The keys in this map are viewable MIME types; the values are ".
  "the MIME types they are delivered as when they are viewed in ".
diff --git a/src/applications/files/document/PhabricatorPDFDocumentEngine.php b/src/applications/files/document/PhabricatorPDFDocumentEngine.php
--- a/src/applications/files/document/PhabricatorPDFDocumentEngine.php
+++ b/src/applications/files/document/PhabricatorPDFDocumentEngine.php
@@ -14,14 +14,16 @@
  }
 
  protected function canRenderDocumentType(PhabricatorDocumentRef $ref) {
- // Since we just render a link to the document anyway, we don't need to
- // check anything fancy in config to see if the MIME type is actually
- // viewable.
+ $viewable_types = PhabricatorEnv::getEnvConfig('files.viewable-mime-types');
+ $viewable_types = array_keys($viewable_types);
 
- return $ref->hasAnyMimeType(
- array(
- 'application/pdf',
- ));
+ $pdf_types = array(
+ 'application/pdf',
+ );
+
+ return
+ $ref->hasAnyMimeType($viewable_types) &&
+ $ref->hasAnyMimeType($pdf_types);
  }
 
  protected function newDocumentContent(PhabricatorDocumentRef $ref) {
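Review bot: The new body of `canRenderDocumentType` drops the old explanatory comment and replaces it with none, so a reader no longer sees why the PDF engine now consults `files.viewable-mime-types` before offering an inline viewer; I would add above the `$viewable_types` lines: `// Only offer the inline viewer when the install allows this type to be viewed directly in the browser: PDFs can carry active content, so an install that removes "application/pdf" from "files.viewable-mime-types" must get a download, not a viewer.` Separately, `array_keys($viewable_types)` raises a TypeError on PHP 8 (a warning on older PHP) if the option ever resolves to null instead of a map; if the config layer guarantees an array that is fine, otherwise `$viewable_types = array_keys((array)PhabricatorEnv::getEnvConfig('files.viewable-mime-types'));` keeps the method returning false rather than failing. Note that this gate only decides whether the viewer is offered; whether the file is actually served inline still depends on the serving path honouring the same map, which this hunk does not show. `canRenderDocumentType` is entirely inside the hunk; `newDocumentContent` begins on its last line and continues outside.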