From c01190fac279b38d8ee74a636d8cf9c2fd7a7285 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Thu, 17 Oct 2024 00:18:34 +0100
Subject: [PATCH] Conditionally add content-type

Signed-off-by: snipe <snipe@snipe.net>
---
 app/Http/Controllers/Users/UserFilesController.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/app/Http/Controllers/Users/UserFilesController.php b/app/Http/Controllers/Users/UserFilesController.php
index 377692965b..15b8018b78 100644
--- a/app/Http/Controllers/Users/UserFilesController.php
+++ b/app/Http/Controllers/Users/UserFilesController.php
@@ -132,15 +132,19 @@ class UserFilesController extends Controller
                 $file = 'private_uploads/users/'.$log->filename;
 
 
-                if ((request('inline') == 'true') && (StorageHelper::allowSafeInline($file) === false)) {
 
-                    // Display the file as text is not allowed for security reasons
+                if (request('inline') == 'true') {
+
                     $headers = [
                         'Content-Disposition' => 'inline',
-                        'Content-Type' => 'text/plain',
                     ];
-                    return Storage::download($file, $log->filename, $headers);
 
+                    // This is NOT allowed as inline - force it to be displayed as text
+                    if (StorageHelper::allowSafeInline($file) === false) {
+                        array_push($headers, ['Content-Type' => 'text/plain']);
+                    }
+
+                    return Storage::download($file, $log->filename, $headers);
                 }
 
                 return Storage::download($file);